Document Type
Article
Publication Date
2018
Publication Citation
19 Minnesota Journal of Law, Science & Technology 405 (2018)
Abstract
Cybersecurity, including the security of information technology (IT), is a critical requirement in ensuring society trusts, and therefore can benefit from, modern technology. Problematically, though, rarely a day goes by without a news story related to how critical data has been exposed, exfiltrated, or otherwise inappropriately used or accessed as a result of supply chain vulnerabilities. From the Russian government's campaign to influence the 2016 U.S. presidential election to the September 2017 Equifax breach of more than 140-million Americans' credit reports, mitigating cyber risk has become a topic of conversation in boardrooms and the White House, on Wall Street and Main Street. But oftentimes these discussions miss the problems replete in the often-expansive supply chains on which many of these products and services we depend on are built; this is particularly true in the medical device context. The problem recently made national news with the FDA-mandated recall of more than 400,000 pacemakers that were found to be vulnerable to hackers necessitating a firmware update. This Article explores the myriad vulnerabilities in the supply chain for medical devices, investigates existing FDA cybersecurity and privacy regulations to identify any potential governance gaps, and suggests a path forward to boost cybersecurity due diligence for manufacturers by making use of new approaches and technologies, including blockchain.
Recommended Citation
Michael Mattioli, Scott J. Shackelford, Steve Myers, Austin Brady, Yvette Wang & Stephanie Wong,
Securing the Internet of Healthcare,
19 Minnesota Journal of Law, Science & Technology 405 (2018)
(2018).
Available at:
https://www.repository.law.indiana.edu/facpub/2681
Included in
Health Information Technology Commons, Health Law and Policy Commons, Information Security Commons