Many people do not realize the cybersecurity risks associated with common medical devices, such as insulin pumps and pacemakers, but these medical devices can be prone to hacking and to errors, experts said at a meeting of the US Food and Drug Administration’s (FDA’s) Patient Engagement Advisory Committee (PEAC) on September 10.
Physicians and healthcare providers may not know how to educate patients about these issues ― if they give patients too little information, patients may not understand when to get help with their device. If providers give the patient too much information or in language they don’t understand, patients may become unnecessarily anxious.
Hacking a Serious Problem
When most people envision someone hacking an electronic device, their first thought is not usually of a medical device such as an insulin pump, but at least two speakers at the advisory committee meeting described how easy it was to hack their own medical devices by reverse-engineering them.
One factor relates to how medical devices have changed over time. Many medical devices, including surgical laser systems, blood pressure cuffs, dialysis systems, and MRI machines, formerly were “standalone technologies implanted in patients or used in hospitals or clinics to diagnose, treat, or manage health conditions,” according to an FDA briefing document.
Want to publish your own articles on DistilINFO Publications?
Send us an email, we will get in touch with you.
Now, many of these devices have a software component and are interconnected via wireless access networks and other networks. These factors increase the devices’ functionality, but they pose problems as well, including exposing patients’ private information and making errors the patient is unaware of, such as administering a wrong dose of insulin.
“In medical device cybersecurity, the risk is typically associated with an unauthorized person (threat) accessing the device(s) of one or more patients by exploiting a vulnerability (such as a security weakness in the device’s software or firmware). Examples include inappropriate pacing or shocks from a pacemaker or inappropriate dosing from an infusion pump,” according to the FDA briefing document.
Panel members discussed the types of information healthcare providers should tell patients, effective ways of communicating that information, and when and how to report problems with devices.
User-Friendly Approach Is Key
Committee members repeatedly said that many devices and the instructions that come with them are cumbersome and difficult to understand. Software updates and patches are needed to fix certain problems, but alerts to update devices such as cell phones occur frequently, and some users ignore alerts because they know that they will likely lose valuable information once they update their device.
Healthcare providers should use culturally appropriate language the patient understands and should use a translator if necessary. They should offer information in small portions to allow patients time to process and understand it. Healthcare workers should also consider using pictures and visual displays instead of words when possible.
Date: September 24, 2019
Source: Medscape