#BeCyberSmart: 5 Ways to Protect Your Health Tech

A stethoscope on top of a laptop keyboard.

October is National Cybersecurity Awareness Month.

Technological advances have made the field of home-use medical devices one of the most exciting in medicine. New technologies are being applied to all different types of devices, including those that are implanted, worn, and used at home or in health care settings. The result is safer, timelier, and more convenient patient care. But progress in the field has created new cybersecurity concerns.

Cybersecurity Incidents: A Public Health Issue?

Cybersecurity incidents are not as obvious a public health hazard as natural disasters. We’ve had less practice with cybersecurity incidents than, for example, a hurricane and its effects on personal and public health and safety. But just like a more traditional response to a disaster, we must prepare for all types of cybersecurity incidents and their consequences.

Cybersecurity incidents can happen by accident and impact a full range of systems, devices, and infrastructure that may have nothing to do with computers. Cyberattacks are incidents perpetrated by unauthorized actors who have malicious intent. Cybersecurity incidents can have negative effects that go beyond stolen information and threaten people’s health and safety.

Cybersecurity & Medical Devices

In the effort to make medical devices that can make managing a chronic health condition easier, manufacturers are designing devices that connect to the Internet, hospital networks, and even other medical devices. For example, a patient with an implanted heart device can now be monitored remotely and without visiting a doctor’s office.(1)

However, the same thing that makes these devices “smart” is also what makes them vulnerable to incidents that could impact the safety and effectiveness of a device and the health and wellbeing of people who rely on them.

#BeCyberSmart

Cybersecurity does not fall squarely on the shoulders of the government. It is a team sport. Every American has a role to play. Here are five simple ways you can #BeCyberSmart with personal health technology:

  1. Stay informed. The U.S. Food and Drug Administration (FDA) regulates all medical devices. If a medical device’s software has a weakness that might make it vulnerable to a cyberattack, the FDA may issue a cybersecurity safety communication that includes information about vulnerabilities and recommended actions for patients, providers, and manufacturers.
  2. Register your device. Even though it’s an extra step, registering a medical device with the manufacturer may help them reach you more quickly when there’s an urgent need to send out important information about the device, including software updates and safety communications.
  3. Update your software. Technology evolves over time, so software for your medical device will need to be updated. Medical device manufacturers can update a medical device for cybersecurity when needed and often do so by providing software updates.
  4. Look for glitches and report issues. A device that is not working as expected could be a sign that something isn’t right. Don’t ignore it. If you suspect that there is an issue with your device, notify your health care provider, the device manufacturer, and report the issue to FDA’s MedWatch.
  5. Share information. Educate your family or caregivers about your medical device. If a device isn’t working properly for any reason, someone who is already familiar with it may be able to help you recognize and report an issue. This is especially important if you aren’t very tech-savvy. Also, make sure your family knows how to reach the health care provider who prescribed the device in case you cannot.(3)

Medical devices are intended to improve health and help people live longer, healthier lives. But any medical device that runs on software and relies on a wireless or wired Internet connection is at risk, especially if the device is older and wasn’t made with cybersecurity in mind. Device makers, hospitals, facilities, and individuals, including patients and caregivers, must work together to manage cybersecurity risks.

References

Resources

Thanks in advance for your questions and comments on this Public Health Matters post. Please note that the CDC does not give personal medical advice. If you are concerned you have a disease or condition, talk to your doctor.

Have a question for CDC? CDC-INFO (http://www.cdc.gov/cdc-info/index.html) offers live agents by phone and email to help you find the latest, reliable, and science-based health information on more than 750 health topics.