Most medical #devices that don't have #antiVirus installed… Who's responsible for #security vulnerability? #iHT2 pic.twitter.com/zHUuwPTN83
— Wen Dombrowski MD (@HealthcareWen) October 8, 2014
If a picture is worth a thousands words, the above picture is worth about 10,000. I think this picture is best summed up by saying that the medical device industry is a heavily regulated industry. You can see why EHR vendors don’t want to be regulated by the FDA. It would get pretty crazy.
This image also illustrates to me why a company that’s built an FDA or medical device compliance capability has something of real value. Navigating the process is not easy and it helps if you’ve been there and done it before.
As to Dr. Wen’s comment on the tweet. There are a lot of challenges when it comes to medical device security. Definitely no antivirus and many are running on old operating systems that can’t be updated. We’re going to have to put some serious thought into how to solve problems like these in future medical devices.
Beyond virus problems, there is general device security to worry about. Is the device wireless? More issues. Does the device connect to something (anything) to send info? More issues.