Medical Devices Cybersecurity and Data Transfer Management: What We Need to Know

Medical devices are more connected to hospital networks, the internet, and other medical devices than ever before. As this connectivity increases, so does the threat of a cybersecurity breach. The FDA has released a set of voluntary guidelines to improve cybersecurity practices, preserve the integrity of PII (personally identifiable information), and assure the functionality and safety of medical devices. A variety of cybersecurity controls have been proposed, including authentication, encryption, evaluation of threats and vulnerabilities, real-time threat detection, and actions in the event of a breach. The rapid growth of integration and interconnection of medical devices and information prompts serious concern for cybersecurity.

New GDPR (General Data Protection Regulation) guidelines, effective May 25, 2018, will create consistent protection of customer and personal data for all EU citizens. Noncompliance with these new guidelines will result in stiff penalties and fines. Protecting privacy, safely handling PII, appointing data protection officers, and providing breach notifications will help better safeguard personal data. HIPAA (Health Insurance Portability and Accountability Act) regulations also set standards for protecting sensitive patient data. All companies that deal with protected health information (PHI) must ensure that all physical, network, and security protocols are in place and followed.