Advertisement

Cybersecurity vulnerabilities of cardiac implantable electronic devices: Communication strategies for clinicians—Proceedings of the Heart Rhythm Society's Leadership Summit

      Computers, networking, and software have become essential tools for health care. Our daily lives increasingly depend on digital technology, and we are persistently bombarded by the need to secure the systems and data they generate and store from attack, damage, and unauthorized access. Cybersecurity vulnerabilities of cardiac implantable electronic devices (CIEDs) are no longer hypothetical. While no incident of a cybersecurity breach of a CIED implanted in a patient has been reported, and no patient is known to have been harmed to date by the exploitation of a vulnerability, the potential for such a scenario does exist. The public awareness of cybersecurity vulnerabilities in medical devices, particularly devices such as CIEDs on which a patient's life may depend and where the potential for reprogramming or rendering the device nonfunctional exists, is raising questions and fueling fears among patients and the clinical provider community. The Heart Rhythm Society (HRS) has identified a gap in clinician-patient communication about the appropriate balance of the risks of such a potential attack against the benefits of lifesaving medical devices. To address these communication gaps, HRS convened a 1-day summit in November 2017, in partnership with the U.S. Food and Drug Administration (FDA). The goal of the meeting was to develop patient-centered communication strategies for health care professionals, industry, and governmental agencies. Participants included patient representatives, subject matter experts, HRS and the American College of Cardiology leadership, representatives from the FDA, and the Federal Bureau of Investigation (FB1) and leadership of 5 CIED manufacturers. This proceedings statement is based on the 4 communication themes that emerged from the discussion: when to notify patients, whom to notify, how to communicate with patients, and key elements to discuss with patients.

      Keywords

      To read this article in full you will need to make a payment

      Subscribe:

      Subscribe to Heart Rhythm
      Already a print subscriber? Claim online access
      Already an online subscriber? Sign in
      Institutional Access: Sign in to ScienceDirect

      References

        • Vulnerability (computing)
        Wikipedia Web site.
        (Accessed April 18, 2018)
        • Threat actor
        TechTarget Web site.
        (Accessed April 18, 2018)
        • Exploit (computer security)
        Wikipedia Web site.
        (Accessed March 25, 2018)
        • Ransomware
        Webopedia Web site.
        (Accessed February 25, 2018)
        • Security Tip (ST04-015)
        Understanding Denial-of-Service Attacks. United States Computer Emergency Readiness Team (US-CERT) Web site.
        (Accessed February 25, 2018)
        • Firmware
        Wikipedia Web site.
        (Accessed April 18, 2018)
      1. Software Update Site For Hospital Respirators Found Riddled With Malware. Threatpost Web site.
        (Accessed February 10, 2018)
      2. Executive Order – Improving Critical Infrastructure Cybersecurity. The White House President Barack Obama Web site.
        (Accessed February 10, 2018)
        • Membership Community
        Association for the Advancement of Medical Instrumentation Web site.
        (Accessed April 18, 2018)
      3. AAMI TIR57: Principles for Medical Device Security—Risk Management. Association for the Advancement of Medical Instrumentation Web site.
        (Accessed February 10, 2018)
      4. Postmarket Management of Cybersecurity in Medical Devices. U.S. Food and Drug Administration Web site.
        (Accessed January 20, 2018)
      5. Content of Premarket Submissions for Management of Cybersecurity in Medical Devices. U.S. Food and Drug Administration Web site.
        (Accessed January 20, 2018)
      6. Medical Device Safety Action Plan: Protecting Patients, Promoting Public Heath. U.S. Food and Drug Administration Web site.
        (Accessed January 20, 2018)