Warnings about the data security of remote cardiac devices have caused concern among health officials and providers, but new technology and improved overall awareness can ensure patient safety, according to InfoBionic CEO Stuart Long.
A recent alert from the U.S. Food and Drug Administration reported that some cardiac implants could be hacked from as far as 20 feet away.(1) However, the Department of Homeland Security also notes that the window for potential hackers is limited because the radio frequencies of monitors vary by patient and clinic. This unpredictability would make it difficult for a hacker to be both within range and able to tap into the radio frequency at the same time. If successful, however, hackers can modify or reprogram the device, allowing them to access or alter sensitive patient data. This, combined with the fact that 45 million medical device recalls took place in 2018 due to software and security issues, has made data integrity the top priority for developers and patients alike.(2)
“Collecting data remotely is the standard for surveillance and management of patients and has resulted in improved patient outcomes over the last 10 years, but more cyber security risks have arisen from devices using wireless radiofrequency or Bluetooth connectivity. The need for developers and healthcare providers to secure patient data is as critical as ever,” said Long. “Fortunately, new technology, improved consumer awareness and precautionary steps will reduce the risk of hackers accessing heart monitors and patients’ personal identifying information.”
The FDA still urges patients to wear and use their monitors despite these risks, as the benefit of remote cardiac monitoring surpasses the potential security threat.(1) Nonetheless, the concern over customer data poses a serious threat for an industry positioned for tremendous growth in the near future. According to industry analysts, the connected medical device market is predicted to see significant growth over the next five years, ballooning to a value of $63 billion by 2024.(2)
“That growth is due to more and more health care providers using remote data collection because of the many benefits it has provided patients; however, the security of that data has not kept up. Any lack of confidence in the device security could severely damage the industry and device manufacturers in the future,” Long continued.
InfoBionic has been working to set industry best standards with its MoMe Kardia platform, which meets the highest levels of security and privacy. The platform’s infrastructure is HITRUST 9.1 Certified and HIPAA Compliant with external auditing. Available SOC2 Level 2 Reporting is completed annually. To meet the NIST Cybersecurity Framework for encryption, MoMe Kardia is FIPS 140-2 compliant.
What does this mean in layman’s terms? Simply that InfoBionic follows HIPAA and HITECH regulations as set forth by U.S. Health and Human Services—and its adherence to HIPAA requirements means that all data on its servers is encrypted when it is at rest or in transit. InfoBionic’s MoMe® Kardia is a wearable remote cardiac monitor that securely sends detailed heartbeat data directly to doctors’ mobile devices in real time, enabling rapid diagnosis and intervention in patients with cardiac problems.
While others in the industry work to update their devices and security software, there are some precautions patients can take in the meantime. Long recommends that patients only use home monitors and implantable devices obtained directly from the manufacturer, and they should take advantage of the latest software upgrades and other device improvements. These precautions will ensure the device has not been tampered with and is updated with the latest security software.
“True cybersecurity begins by designing protected software, which means bringing together all of the stakeholders involved—including software and security experts and medical professionals,” Long said. “The future of cardiac diagnostic monitoring is now, and we as an industry have to be prepared to meet the needs—including safety and security—of the patient end-users.”