It may seem like something that could only happen in a science fiction movie. Medical devices being hacked by some unknown villain who is wreaking havoc on the population sounds just futuristic enough to instill some fear and be a great movie plot. However, this plot may not be as futuristic as it may seem.
The Food and Drug Administration (FDA) has been aggressively researching and releasing statements about the potential for harm due to hacking of medical devices. Many medial devices are connected to computer programs that monitor the device. This leaves these devices open to cybersecurity issues.
If The Device Is Connected – It Can Be Hacked
Medical devices like insulin or medication pumps and pacemakers are all connected to a computer program that helps monitor the device and the patient. These programs are vulnerable to computer hacking just like any computer. The potential for harm is very real and something that must be addressed by the manufacturers.
Cyber security researchers Billy Rios and Johnathan Butts have addressed the issue first hand. The pair of researchers have stated that they have been able to hack every medical device presented to them to date and that the hacks were actually quite simple. In fact, they found that the security is so low on these programs and devices that they wrote a paper directly to device manufacturer Medtronic about the issue.
Medtronic responded as most would think, denying any type of security issue and basically stating that there was no reason for concern. There had never been a security breach of medical devices in the past. The pair of researchers felt differently, however, and continued their research on the issue.
At a cyber security conference in January 2017 the pair demonstrated just how simple it was to hack a pacemaker and an insulin pump. Much to their surprise, after the second demonstration the crowd gave them a standing ovation for addressing something as serious as medical cyber security. It was at that point that the FDA took notice of the problem and began conducting their own research.
The FDA has released several statements about medical device security since this first demonstration. The first statement that they released says that there have been no known device hacks to date for medical devices. However, the administration wishes to keep it that way. The FDA has been working with manufacturers to improve the programming and security of their devices.
Medtronic has issued a statement saying that they have put through a computer patch that addresses any cyber security issues for older devices and are incorporating stronger security in newer devices. They have restated that there have never been any issues with their devices in the past and they do not foresee any issues in the future. Some of the smaller medical device manufacturers have not commented on the situation at this time.
All medical devices carry some form of risk attached to their use. However, patients should not have to worry about their medical devices being hacked by cyber criminals when they agree to use the device. Cyber security for medical devices must become a top priority for all manufacturers of medical devices now and in the future.
FDA Cyber Security Statement For Medical Devices
FDA Statement On Medtronic Heart Devices And Cyber Security
Learn more Medical Device News.