Friday Q&A: MedCrypt’s Naomi Schwartz on designing cybersecurity for diabetes devices

Schwartz, who helped review the first automated insulin dosing system, talks about balancing patient access and device security. After years of accusations that regulators, hospitals, and device manufacturers weren't taking cybersecurity seriously, Congress has now handed the Food and Drug Administration explicit control for medical device cybersecurity. Medical device companies are taking security into account earlier in the process due to increased concerns about both regulation and hacks, according to Naomi Schwartz, who joined San Diego, California-based medtech security firm MedCrypt as senior director of cybersecurity quality and safety last summer. Prior to joining the business, Schwartz was a premarket reviewer and consumer safety officer for the FDA's Office of In Vitro Diagnostics and Radiological Health, where she gave the first automated insulin dosing device her seal of approval for its software and cybersecurity. Elise Reuter of MedTech Dive and Schwartz discussed the FDA's strategy. Diabetic devices, such as insulin pumps and glucose monitors, are critical tools for people with diabetes to manage their health. However, these devices can also be vulnerable to cybersecurity threats, which can potentially have serious consequences for patient safety.

Here are some ways to improve cybersecurity for diabetic devices:

• Choose devices with strong security features: When selecting diabetic devices, look for products that have strong security features, such as encryption, two-factor authentication, and regular software updates.
• Keep devices updated: Regularly update the software and firmware on diabetic devices to ensure that they have the latest security patches and fixes.
• Use strong passwords: Create strong and unique passwords for each device, and avoid using easily guessable passwords like "password123".
• Limit access to devices: Only allow authorized individuals to access diabetic devices, and never share login credentials or other sensitive information.
• Monitor for suspicious activity: Keep an eye out for any suspicious activity on diabetic devices, such as unexpected changes to settings or unusual data readings.
• Work with healthcare providers: Work with healthcare providers to ensure that they are also taking appropriate steps to protect patient data and devices.
• Report any issues: If you suspect that a diabetic device has been compromised, immediately report the issue to the device manufacturer and your healthcare provider.