Innovative medical devices may not do your consumers or your company any good if they are not safe. Safety in the era of the Fourth Industrial Revolution does not just mean mechanical reliability. It means that your consumers can be confident that their devices will not be hacked.
To help create that confidence in their products, medical device companies should accompany their quest for innovation with a multiyear cybersecurity and technical risk plan. The earlier they have this plan in place and active to prevent security breaches, the better. No company wants its devices in the headlines for having fallen victim to a cyberattack.
Ongoing developments will make cybersecurity even more important
Our team at KPMG has identified five factors that are likely to make cybersecurity even more of a challenge—and an opportunity for those companies who can demonstrate that they are proactively fending off threats:
- Wireless mobile medical devices are booming. The market for wearable medical devices will grow to $70 billion a year in 2025 from $20 billion in 2015, according to the National Institutes of Health. These devices improve quality of life and lower costs, but they carry many cybersecurity risks. Without appropriate security, for example, hackers could intercept, modify, and extract patient data with a receiver antenna.
- 3D printing is about to revolutionize personalized medicine. 3D printing will likely impact both implantable and nonimplantable medical devices, as well as the execution of services and on-demand capabilities. But with 3D printers usually connected to a larger network, hackers could potentially tamper with them or access design files that hold proprietary information.
- Next generation sequencing (NGS) is growing. NGS can detect disorders earlier and customize treatments. More than 120 drugs approved by the Food and Drug Administration (FDA) have pharmacogenomics data in their labeling, and this technology is likely to spread quickly. Medical device organizations would be wise to design devices that support NGS to catch this trend, but NGS requires intensive collaboration among disparate research facilities. That means widespread data sharing—and potentially widespread vulnerability to hacking.
- Demographics are driving growth in implants. The elderly population is growing. That may mean a growing market for implantable medical devices to treat conditions such as heart disease, neurological disorders, and hearing loss. That in turn will provide an opportunity to collect data via wireless transmission, permitting Big Data techniques to anticipate and meet market needs. But this new trove of data could also create new risks for protected patient information.
- Reimbursement risk is rising. Cyber attacks are not the only risk that new medical devices face. Public or private insurers may refuse to pay for them. Among the ways to reduce this risk are integrating reimbursement assessment early in the product design stage, and focusing work on a clinical problem that needs a solution, rather than on a technological innovation that needs an application.
Cybersecurity can be a competitive edge
A recent healthcare study said that 50 percent of consumers would think twice about using any network-connected healthcare device, and 62 percent value cybersecurity more than ease of use. Also, the FDA is likely at some point to issue cybersecurity regulations for medical devices.
Companies that work now to show regulators and consumers that their devices are well-protected against cybersecurity threats may get products to market sooner and find a more receptive market.
To learn more about how medical device companies can prepare for cybersecurity threats, I encourage you to look at our recent white paper as well as the series on medical device cybersecurity and privacy that we have just begun. We will be adding to this series in the coming weeks with a new release every six to eight weeks.