In our mission to provide the highest quality cybersecurity for IoT firmware, we were very proud to share that our ZeroDayGuard Developers Toolkit was granted IEC 62304 classes A, B, and C certification by independent auditors at TÜV SÜD. Not only is this an important achievement for us as a company, but it reflects our dedication to enhancing safety in today’s digital environment, especially for the medical device industry.
Innovation in the Medical Device Industry
Like many other fields, technological advances are driving the medical field forward. That is especially true when considering the devices that are used to carry out various treatments and procedures. Developments like IoMT (Internet of Medical Things) are re-defining the speed at which doctors, and other practitioners, can transmit information, provide analysis and receive results. Examples of the processes that have benefited include MRIs and heart-rate monitoring.
This type of success is fueling demand. In fact, it’s been predicted that the IoMT market will grow to $176B by 2026 and to $446B by 2028, according to MD+DI. And, it has been estimated that there is an average of 10-15 connected medical devices per bed in hospitals throughout the United States.
Connected Medical Device Market Sparks Cybersecurity Concerns
Also, like other fields, this rapid adoption of connected tech comes with some downfalls as well. One of the riskiest is its vulnerability to cybersecurity breaches. In 2021, healthcare was a leading target for cyberattacks with a 51% increase in incidents compared to 2019. Just in 2020, there were a reported 560 facilities in the U.S. that were victims of ransomware, which can cost an organization up to $1.85 million.
A contributing factor to this trend is exposure stemming from connected devices. Security Boulevard summarized a study that found more than half of such devices used in hospitals contained a weakness that could jeopardize patient data.
Action to Protect Medical Devices
An assault on medical providers does not just have the potential to be extremely costly. It can also lead to workforce issues and put a patient’s care at severe risk. So, it is no wonder that this building concern has not gone unnoticed. As written by Mike Gregory at Health Tech Magazine, “the federal government has continued to keep a close watch on the sector.” Earlier this year, the PATCH Act, a bipartisan bill addressing medical device security, was introduced and amplified by the American Hospital Association.
There have also been initiatives outside of the U.S. taking place. The European Commission launched a database known as Eudamed with the purpose to “register every medical device authorized to be used across the 27-member European Union, and allow national medical regulators and device makers to know of authorized use of devices, safety issues, recalls and new regulations,” as explained by Nick Paul Taylor for MedTech Dive.
In addition to such efforts, there is the IEC 62304 certification, which Dellfer’s ZeroDayGuard Developer Toolkit received for development projects with safety goals of classes A, B, and C. Essentially, A, B and C classifications indicate the level of harm that can occur if that specific medical device were compromised. This means that, when applied, a tool such as ZeroDayGuard can help to mitigate the likelihood of such a problem from happening. Having this type of certification program not only brings much needed consistency to medical device security, but also designates the leading resources available so that organizations can take the proactive measures needed to safely operate in the evolving landscape, which we at Dellfer believe increasingly involves cybersecurity.
Learn more about ZeroDayGuard Developer Toolkit’s certification at https://dellfer.com/dellfer-announces-iec-62304-certification-for-any-class-of-medical-device-software%ef%bf%bc/.
- “Risk Management Considerations for IoMT & Medtech Product Design” – Ed Lanzilotta, MD+DI
- “Connected Medical Device Market – Growth, Trends, COVID-19 Impact, and Forecasts (2022 – 2027)” – Yahoo Finance
- “Secure Your Distributed Medical Devices with Robust Machine Identity Management” – Brooke Crothers, Security Boulevard
- “What Growing Federal Scrutiny of Healthcare Cybersecurity Means for Organizations” – Mike Gregory, Health Tech Magazine
- “European Commission targets spring of 2024 for fully functional Eudamed database” – Nick Paul Taylor, MedTech Dive