The Australian Therapeutic Goods Administration (TGA) has published its guidance framework dealing with medical device cyber security for manufacturers and sponsors of medical devices, as well as for consumers, health professionals and other users. This is driven by a number of challenges that regulators face to protect users against cyber security risks, including the alteration of device function, loss to privacy and the alteration of personal health data.
The crux of the framework is based on the TGA view that knowledge is power, in that patients using connected medical devices should be informed about the potential cyber security risks those devices have, and take proactive measures to protect their devices and networks.
The TGA has suggested that changing default passcodes for accounts linked to the medical device, exercising caution if the medical device communicates suspicious messages and regularly updating software and relevant applications are just some proactive measures that users can take. This goes hand in hand with installing and updating security measures for home networks and IT equipment.
For manufacturers and sponsors of medical devices, the TGA recommends conducting risk assessments, monitoring potential threats in the supply chain, adopting regular code reviews and penetration testing, and implementing trusted access measures to reduce cyber security risks.
The connectivity and digitalisation of medical device technologies provides crucial therapeutic benefits. However, in the evolving digital health and cyber landscapes, both users and manufacturers need to consider and act against cyber security risks to protect users. Without these, it’s easy to imagine a world where pacemakers run wild, hearing aids randomly turn themselves up or down at inopportune times, and images of your private medical issues are plastered over the Internet!