St. Jude Medical, a medical device manufacturer that was recently accused of allowing security vulnerabilities to persist that placed device users at risk from cyberattacks, has announced that further steps are being taken to ensure that cyber security risks are addressed.
The company has taken the decision to form a new Cyber Security Medical Advisory Board (CSMAB) which will work with industry experts and government agencies to advance cybersecurity standards in the medical device industry. In addition to ensuring that technology is improved to mitigate cyber security risks, the new CSMAB will also open up discussions with physicians to ensure that medical devices continue to serve the needs of patients.
Dr. Leslie A. Saxon, executive director of the USC Center for Body Computing and professor of medicine at the University of Southern California’s Keck School of Medicine is one of the founding members of the CSMAB. He recently said “Cyber security is an ongoing challenge for many industries and it is essential that medical device companies have a clinical perspective when assessing the security of their products.” Saxon went on to say, “I look forward to working closely with the medical experts on the Board to assess cyber security risks and how they may affect patient care and safety.”
Saxon will be joined by Andrew Epstein of the University of Pennsylvania’s Perelman School of Medicine, Ken Ellenbogen of the Virginia Commonwealth University Health System, and Niraj Varma of the Cleveland Clinic. St. Jude Medical is still in the process of finalizing membership of the CSMAB. Other members will be announced shortly.
Dr. Mark Carlson, chief medical officer at St. Jude Medical, explained the decision to form the CSMAB. “We take the cyber security of our devices very seriously and creating the Cyber Security Medical Advisory Board is one more demonstration of our ongoing commitment to advancing standards of patient care around the world without comprising safety and security.”
While the company has recently been criticized for failing to address vulnerabilities in its products, there is still some debate as to whether the flaws uncovered by MedSec researchers – and announced by Muddy Waters – could be exploited by hackers. St. Jude Medical has rebuffed the allegations.
St. Jude Medical pointed out that the latest move continues the company’s dedication to building in safeguards into its devices to ensure they are protected from cyberattacks. The company has worked with third party security experts and researchers for many years to ensure that potential security vulnerabilities are identified, threats prioritized, and safeguards developed to addressed security risks and improve patient safety. The formation of the CSMAB will help to ensure that that process continues and security is improved without jeopardizing patient care.