Sales 877.QTS.DATA|Support 866.239.5000


June 20, 2016

FDA Guidance on Healthcare Device Security

FDA emphasizes importance of defensive and preventative cybersecurity strategies

As healthcare technology and medical devices become increasingly connected to the Internet of Things, the U.S. Food and Drug Administration has been taking an involved role in promoting the importance of cybersecurity measures. Recognizing the potentially life-threatening risks of security breaches to medical devices, and the inability to completely eliminate threats of attack, the FDA has made several recommendations for mitigating and managing cybersecurity threats.

Ensure Proper Safeguards

As a healthcare services provider, you are not responsible for building devices to certain security standards, but you are responsible for being aware of the safeguards your chosen devices are using to lessen risk of security breaches. Device manufacturers are not infallible, and devices without proper protection could have life or death outcomes.

In 2015, two infusion pump systems were found to have vulnerabilities that would allow unauthorized users to obtain control of the infusion pump, modifying the dosage. Thankfully, these vulnerabilities were found before any malicious attacks could affect a patient’s health. Still, the thought that a security breach could lead to someone manipulating critical patient therapy is a very real concern.

For providers of healthcare services, it is important to be educated and informed regarding the security of the devices you are using so that you can choose products that will be safe for your patients. However, some devices security may be dependent on the safety of your network, which is why the FDA recommends healthcare facilities to evaluate their hospital systems.

Evaluate Network Security

Healthcare device manufacturers do not hold the sole responsibility of protecting patients from the threat of security breaches. Hospitals and healthcare facilities should also evaluate their network security when considering the measures they can take to protect medical devices from tampering and hackers.

When discussing network safety, the conversation should include topics such as compliance and regulation standards, as well as alternative data solutions, such as cloud storage.  With the increasing complexity of healthcare data storage, many healthcare service providers are turning to third-party data center solutions to manage their multi-faceted data and cybersecurity needs.

QTS understands the pressure of the relentless demand to improve patient outcomes and reduce cost, which is why we offer a full range of solutions for medical information systems. Our data centers are built to HIPAA and HITECH compliance standards, and we’ve recently launched our industry-exclusive IaaS platform, Healthcare Community Cloud. QTS employs a specialized team of healthcare data experts as well, so you have trusted advisors for streamlining your IT operations and protecting your data.

For more information on the FDA’s cybersecurity advice and efforts, visit their Cybersecurity page. If you’re interested in QTS’ healthcare solutions, visit our website or call us toll-free at 877.QTS.DATA.
compliance, security, healthcare