July 31, 2019

Concern Grows Over Security of Remote Cardiac Devices; New Technology and Increased Awareness Reduces Risk

Data hackers are finding ways to penetrate the security of remote medical monitoring devices, however new technology combined with increased customer awareness can mitigate risk.

Warnings about the data security of remote cardiac devices have caused concern among health officials and providers, but new technology and improved overall awareness can ensure patient safety, according to InfoBionic CEO Stuart Long.

A recent alert from the U.S. Food and Drug Administration reported that some cardiac implants could be hacked from as far as 20 feet away.⁽¹⁾  However, the Department of Homeland Security also notes that the window for potential hackers is limited because the radio frequencies of monitors vary by patient and clinic. This unpredictability would make it difficult for a hacker to be both within range and able to tap into the radio frequency at the same time. If successful, however, hackers can modify or reprogram the device, allowing them to access or alter sensitive patient data. This, combined with the fact that 45 million medical device recalls took place in 2018 due to software and security issues, has made data integrity the top priority for developers and patients alike. ⁽²⁾

“Collecting data remotely is the standard for surveillance and management of patients and has resulted in improved patient outcomes over the last 10 years, but more cyber security risks have arisen from devices using wireless radiofrequency or Bluetooth connectivity. The need for developers and healthcare providers to secure patient data is as critical as ever,” said Long. “Fortunately, new technology, improved consumer awareness and precautionary steps will reduce the risk of hackers accessing heart monitors and patients’ personal identifying information.”

The FDA still urges patients to wear and use their monitors despite these risks, as the benefit of remote cardiac monitoring surpasses the potential security threat.⁽¹⁾ Nonetheless, the concern over patient data poses a serious threat for an industry positioned for tremendous growth in the near future. According to industry analysts, the connected medical device market is predicted to see significant growth over the next five years, ballooning to a value of $63 billion by 2024. ⁽²⁾

“That growth is due to more and more health care providers using remote data collection because of the many benefits it has provided patients, however, the security of that data has not kept up. Any lack of confidence in the device security could severely damage the industry and device manufacturers in the future,” Long continued.

InfoBionic has been working to set industry best standards with their MoMe Kardia platform, which meets the highest levels of security and privacy. The platform’s infrastructure is hosted on a HITRUST CSF Certified environment and HIPAA Compliant with external auditing. Available SOC2 Level 2 Reporting is completed annually. To meet the NIST Cybersecurity framework for encryption, MoMe Kardia is FIPS 140-2 compliant.

What does this mean in layman’s terms? Simply that InfoBionic follows HIPAA and HITECH regulations as set forth by U.S. Health and Human Services—and their adherence to HIPAA requirements means that all data on their servers is encrypted when it is at rest or in transit. InfoBionic’s MoMe^® Kardia is a wearable remote cardiac monitor that securely sends detailed heartbeat data directly to doctors’ mobile device in real time, enabling rapid diagnosis and intervention in patients with cardiac problems.

While others in the industry work to update their devices and security software, there are some precautions patients can take in the meantime. Long recommends that patients only use home monitors and implantable devices obtained directly from the manufacturer, and they should take advantage of the latest software upgrades and other device improvements. These precautions will ensure the device has not been tampered with and is updated with the latest security software.

“True cybersecurity begins by designing protected software, which means bringing together all of the stakeholders involved—including software and security experts and medical professionals,” Long said. “The future of cardiac diagnostic monitoring is now, and we as an industry have to be prepared to meet the needs—including safety and security—of the patient end-users.”

About InfoBionic

InfoBionic is a digital health company transforming the efficiency and economics of ambulatory remote patient monitoring processes by optimizing clinical and real-world utility for the users that need it most – physicians and their patients. The Massachusetts-based team of seasoned entrepreneurs have had successful careers in healthcare, IT, medical devices and mobile technology, and bring specific expertise in remote monitoring and cardiology. They have seen first-hand the complexities of traditional cardiac arrhythmia detection and monitoring processes and designed the transformative MoMe® Kardia platform to remove the roadblocks hindering faster, more effective diagnosis and decision-making. Frost & Sullivan bestowed the 2019 North American Remote Cardiac Monitoring Technology Leadership Award upon InfoBionic. For more information visit www.infobionic.com

About MoMe^® Kardia

The company’s flagship product, the MoMe® Kardia 3-in1 monitor, is the first non-invasive remote cardiac monitor to offer truly full disclosure, heartbeat-to-heartbeat data over the Cloud, allowing doctors 24/7 real-time access to hospital telemetry-level data. With the MoMe® Kardia, doctors will be able to eliminate third-party monitoring data services and take full ownership of the cardiac monitoring process, empowering them to realize lucrative new revenue streams by billing globally for the monitoring service. MoMe® Kardia is not intended for use as an emergency medical response system. Call 911 if you feel you are having a medical emergency.

Sources

1. Tung, Liam. “FDA Warning: Scores of Heart Implants Can Be Hacked from 20ft Away.” ZDNet, ZDNet, March 22, 2019.
2. Hoffman, Stacie. “The 17 Requirements for Secure Connected Medical Devices.” Medical Plastics News, July 2, 2019