Blackberry Plans To Shake Up Medtech.
Anyone who thought that Blackberry (NASDAQ:BBRY) was facing extinction with the demise of its mobile phones ought to think again. The company is now focusing on software over hardware, and counts healthcare systems among its top customers.
One area where the group hopes to make an impact is medical device cybersecurity, which has come under an unusually bright spotlight this year. David Kleidermacher, Blackberry’s chief security officer, tells EP Vantage that a standard he helped develop could improve the security of products from insulin pumps to implanted cardiac devices. “We try to hack into the device.
We try to find the vulnerabilities,” he says. “The idea is that any product can go through the evaluation process and be certified to have a decent level of security,” Mr Kleidermacher says.
This might seem like an odd area for Blackberry to be involved in, but the group believes that its expertise in other fields translates to healthcare. “For example, in financial payments, there’s a certification process for smartcards. And we put our mobile software through certification processes,” says Mr Kleidermacher. “In healthcare, that didn’t exist up until now.”
Standards
Blackberry is not alone in trying to enhance medtech cybersecurity. The FDA and the Association for the Advancement of Medical Instrumentation (AAMI) have both published guidance on the topic.
The FDA also recently formed a partnership with the National Health Information Sharing and Analysis Center, and the Medical Device Innovation, Safety, and Security Consortium to improve cybersecurity.
However, some experts are unsure whether these existing measures could prevent a cyberattack (Vantage Point – Medtech needs to up its cybersecurity game, November 1, 2016).
Mr Kleidermacher believes that current practice, which puts the onus on medical device companies, has room for improvement. “In the security world there’s one thing we’ve learned: trusting vendors to do the right thing is ridiculous,” he says. “It can’t just be ‘I’m going to hire some random company to assess me and trust me, I’ve done a good job’.”
He adds: “There’s tons of guidance out there. But there’s one best practice they’re all missing, and that is, at the end of the day, you need an independent evaluation by independent experts.”
The new standard, called DT SEC, meets this requirement as it is managed by a non-profit organization, he says. “In terms of having a program where any product from any vendor can be brought to this independent group to evaluate it for security, it’s the only program of its kind in medical devices.”
