Do medical device manufacturers have ambivalent safety thinking?26. April 2022
Do medical device manufacturers have ambivalent safety thinking?
San Francisco, 4/26/2022
The biggest cybersecurity challenge facing medical device manufacturers is managing a growing number of tools and technologies. That’s according to a global survey by software risk assessment firm Cybellum.
The survey was conducted by Global Surveyz, an independent survey firm. It surveyed 150 senior decision makers from North America, Europe and Asia. It shows that device security is still in its infancy and managed by many fragmented tools. Nearly half of survey respondents (43%) identified continuous management as the second biggest challenge facing security teams. In response to this challenge, 37% of respondents say they are making “left shifting” a priority in their development lifecycles.
David Leichner, CMO of Cybellum, cautions operators with the following advice: “The earlier you discover vulnerabilities in the development process, the less it costs the company.” That’s why monitoring needs to be continuous, he says. “You can’t just check the device in the design phase. You need to review it as your developers integrate the components and software to make sure no threats are introduced, and you need to be able to review it when it’s on the market.”
Trying to manage complex security challenges can be difficult if you don’t have cybersecurity awareness, Leichner says. “These devices are computers. They can be hacked just like computers. Until that mindset is ingrained in device manufacturers, there will be no real security in the medical device industry.”
From the survey, respondents appear to be ambivalent about cybersecurity. Eighty-three percent of survey respondents believe device security can give them a competitive advantage in the marketplace. But 80% believe it is a necessary evil imposed by regulators. “One reason for these conflicting views is that while there have been many recalls due to security breaches, there has not yet been a medical device hack that has caused major damage,” Leichner says. “It is to be expected that this will happen.”
In addition, more than three-quarters of respondents (78%) say they are doing the minimum to comply with regulations. This could help explain why, on average, only half of companies are meeting their compliance obligations, the report says.