America's largest healthcare recruiting firm.

 



For over fifteen years, I have utilized Buckman Enochs Coss to hire over one hundred individuals for Sales and Sales Management positions for a variety of healthcare technology firms. Whether it’s been for Fortune 500 companies or early stage, VC backed start-ups, BEC has always done a terrific job in sourcing top-talent.

Scott Schlesner
Vice-President of Sales
Elsevier

Medical Devices and Cyber Security
As a medical device sales rep or sales manager, are you prepared to answer questions about your product’s cybersecurity capabilities? If you’re asked, can you explain the measures your company takes to protect the device from counterfeiters, or worse, hackers outside of the hospital or clinic? If you fully understand the implications of the question and you’re ready to grab some chalk and provide a full and detailed explanation, that’s great. But if you’re shrugging and wondering how cybersecurity measures can protect a drug pump or a replacement hip, you’re not alone.

Far too often, technology advances faster than security measures can keep up, specifically in the realm of medical devices. Mobile computers and tablets are not always subject to security reviews before being adopted by healthcare facilities, and often, important design controls are overlooked. Some devices use default admin passwords that are never changed, and some seemingly secure medical devices rely on hard-coded passwords. 

A recent FDA review of a widely used drug pump, for example, revealed a vulnerability that could easily allow a hacker to take over the system and administer a fatal dose to a patient. One of the engineers who discovered the vulnerability described it as “the least secure IP enabled device I’ve ever touched.” 

The FDA has since warned hospitals to stop using that line of products. But in general, regulations that require medical devices to meet minimum cyber security standards are very weak, when they exist at all. The FDA issues a set of formal cybersecurity guidelines, but so far, these guidelines are not legally enforceable. This places the responsibility for cybersecurity in the hands of the companies that design and offer medical devices, and the clients who place their trust in these devices and employ them in patient care and treatment protocols. 

The FDA and the Department of Health and Human Services are likely to strengthen these guidelines and make them more enforceable in the near future. But at this point, changes tend to hinge on public safety problems; Rapid change takes place only when major breaches or disastrous incidents occur, and until this happens, progress moves slowly. At this point, companies should recognize that hospitals prefer device manufacturers that emphasize safety — both patient safety and cyber security. Hospitals vote with their money, and for now, marketplace demands — not government regulations—are placing the strongest pressure on innovation. 

At Buckman Enochs Coss and Associates, our intense focus has not only given us unmatched experience in these specialized areas but also has made us the largest healthcare recruiting firm in the nation and the most trusted talent search resource among America’s premier healthcare companies. Contact our great team of recruiters today!