Cyber Insurance Blog

Hackers of your Heart: Medical Device Cyber Security Risks

Hackers of your Heart: Medical Device Cyber Security Risks

Perhaps you’ve heard recent news about a hacker’s ability to manipulate certain implanted heart devices, such as pacemakers, and interfere with a person’s heartbeat? Or how they can change the results of a CT scan image? Just like your computer at work, medical devices are connected to networks that can be hacked. This includes CT scanners, pacemakers, or one of the many devices that surround a hospital bed. As technology in medicine grows, medical device cyber security risks follow.

As these risks continue to evolve, it’s imperative that your cyber protection is as advanced as possible. ProWriters can help you pinpoint your specific cyber exposures and our team of experts will help you choose the best cyber insurance coverage to fit your specific needs. Our Cyber IQ Comparative Rate Platform allows you to instantly compare quotes from multiple carriers.

If the bad actor can manipulate a company’s work email by infiltrating the network and inserting malware, they can just as easily manipulate the results of a hospital’s CT scan, which is transmitted across that very same network. It’s important to know your risks and protect yourself from potential hackers and ProWriters can help you do just that.

While news reports of cyber attacks on medical devices are relatively new, these risks have been known for some time. In 2007, former Vice President Dick Cheney’s doctors disabled the wireless feature on his pacemaker to prevent anyone from hacking into it and interfering with his heartbeat.

Between 2015 and 2018, the Federal Drug Administration (FDA) issued six specific warnings addressing potential medical device security issues. This included:

  • Infusion pumps
  • Implanted cardiac devices
  • Cardiac resynchronization therapy pacemakers
  • Implanted defibrillators

In an FDA report from 2018, the FDA noted that the vulnerabilities in certain medical devices “could allow unauthorized users to remotely access, control and issue commands to compromised devices, potentially leading to severe patient harm.”


Before you continue reading, follow us on LinkedIn so you don’t miss any important cyber updates:

At ProWriters, we believe in taking the conservative approach to potential cyber security threats: It’s not a matter of if, but when. Continue below to learn more about how a cyber insurance policy with ProWriters can protect your organization, clients, customers, and patients.

How to Manage the Risk of Medical Device Security Vulnerabilities

  • Communication & Coordination
    X-ray of a chest, which shows a pacemaker on the right-hand right of the chest cavity. As medical devices are an integral component of medical networks, their cyber security protection is imperative. This requires communication and coordination from all parties involved, including:

    • Medical Personnel
    • IT Professionals
    • Medical Device Manufacturers
    • Network Vendors
    • Cyber Security Experts

    Including these stakeholders in an enterprise incident response plan is an effective way to ensure an organization is prepared for any wireless medical device security issues.

  • Asset Management
    Being conscious of what devices are in use and who has access to them is also key to risk management. This so-called “asset management” is crucial for any organization with medical devices. This includes:

    • Controlling how devices are networked
    • Limiting how each device can communicate within the network
    • Identifying and isolating devices that are breached to reduce exposure
    • Maintaining tight security on IDs & passwords that store or transmit patient data
  • Cyber Insurance Policies
    Finally, any healthcare provider or manufacturer involved in the healthcare field should undertake a careful review of its insurance portfolio to ensure it’s prepared for any medical device cyber security risks. It’s important to ensure that appropriate coverages are in place to cover these known, but evolving risks. Cyber and Technology Errors & Omissions policies ensure that manufacturers and healthcare organizations are equipped to address these foreseeable exposures. Further, business interruption coverage is imperative, as a malware attack can cause business income losses to healthcare institutions or other providers. Companies will need to review their coverages under both their CGL/products liability policies as well as bodily injury policies for patients impacted by a medical device compromise or failure as a result of a breach.

Understanding the inherent cyber security risks of medical devices and preparing to respond to a security incident is integral to keeping both customers and companies happy and healthy. As cyber security threats continue to evolve, it’s important to ensure our protection against them stays as current and up to date as possible. ProWriters takes the necessity that is cyber insurance and offers it in a simplified, more streamlined, version to give you multiple options for the best possible coverage.

For more information on cyber security policies, contact a ProWriters expert or call us at (484) 321-2335.

Subscribe to Our Monthly Newsletter!

    Retail vs. Wholesale Brokerage

    Experts Weigh In

    Get the eBook