Heart of Health Policy | Are You Prepared to Address Cybersecurity Vulnerabilities in CIEDs?
A new statement released at the Heart Rhythm Society’s 39th Annual Scientific Sessions last month outlines communication recommendations to assist health care professionals in understanding and preparing for potential cybersecurity vulnerabilities of cardiovascular implantable electronic devices (CIEDs).
The statement is the result of a 2017 Heart Rhythm Society Leadership Summit on Cybersecurity Vulnerabilities: Communications Strategies for Clinicians and Patients. It highlights several factors, including the “interconnectedness of the health care environment” and the “common persistence of outdated and unsupported software” that make CIEDs particularly vulnerable to exploitation. Given these factors, patients with CIEDs can feel particularly vulnerable and are turning to their health care professionals for guidance.
The authors highlight the importance of educating patients prior to CIED implant, and in advance of an announcement of a specific vulnerability or threat, so that they understand the systems in place to quickly assess and respond to potential vulnerabilities and are less likely to fall prey to those seeking to exploit patient fears.
The statement recommends that experts from manufacturers and federal agencies, such as the U.S. Food and Drug Administration (FDA), be the first line of defense in assessing a threat. From there, if vulnerability is validated, they suggest that health care professionals can then serve a critical role in assisting patients to interpret the significance of a cybersecurity vulnerability, the relative risks and benefits of continuing to receive therapy from the potentially affected device and deciding if they will pursue a mitigation strategy.
Five topics of discussion between the health care professional and patient should include:
- Potential consequences if the vulnerability is exploited
- Strategies to mitigate the risks
- Technical challenges to exploit the vulnerability
- Long-term solutions to eliminate the threat
- Benefits provided by the CIED compared with the risk if the vulnerability is exploited
“Medical societies and health care professionals are important resources not only to our patients, but to manufacturers and the FDA,” said Mary Norine Walsh, MD, MACC, immediate past ACC president and an author on the statement. “We are on the front lines of care and can help to ensure communications are consistent, accurate and effective.”
Keywords: ACC Publications, Cardiology Magazine, Health Policy, United States Food and Drug Administration, Leadership, Societies, Medical, Societies, Scientific, Computer Security, Software, Risk Assessment
< Back to Listings