Cybersecurity group reaches out to device industry

As regulators and medical device manufacturers slowly come around to the seriousness of cybersecurity, a global nonprofit is stepping in to set new standards and help the industry prevent hacking.

The Center for Internet Security, which advises government agencies and private companies, wants to build on the FDA's recent draft guidance on device security, looping in manufacturers and hospitals as it develops recommendations on how best to protect patients from would-be data thieves.

First up, CIS will focus on infusion pumps, examining their remote communication technologies and inherent vulnerabilities, eventually moving on to pacemakers, defibrillators and other implants, the group said.

"The technological advancements that enable healthcare providers to embed life-saving devices and treat patients remotely are tremendous," CIS CEO William Pelgrin said in a statement. "We must do everything we can to protect those devices and the patients who rely on them."

The nonprofit is inviting any and all medical device outfits to join its effort, and, now that the industry has changed its tune on the issue, it might even find some takers.

After years of brush-offs and deaf ears, medical device companies are gradually taking seriously the chorus of hackers and lawmakers warning that many medical devices are susceptible to security breaches and, theoretically, weaponization. The FDA has come around, too, in June proposing to change its rules and require devicemakers to include cybersecurity information along with clinical data when seeking approval.

- read the announcement