When I read the headline that the FDA announced a voluntary recall of 465,000 pacemakers over safety concerns related to security vulnerabilities and the possibility of a device being hacked my first thought was, “I wonder if my Dad's pacemaker is part of this recall?”
If you haven't seen this story yet, the units in question are manufactured by Abbott (formally St. Jude Medical). Since my dad has a pacemaker, I reached out to him see if perhaps his pacemaker was part of the recall. If it was, I was very interested in his perspective. Would he consider going to a clinic to get the firmware upgrade a nuisance or a reassuring step that would boost his confidence that everyone has his safety and wellbeing in mind? Turns out, my father's pacemaker is from another manufacturer so no action required.
While this latest voluntary pacemaker recall illustrates that medical device manufacturers are taking cybersecurity seriously, there are other recent events that probably better demonstrate that the threat is real.
During the ransomware attack known as WannaCry from May of this year, it was widely reported that hospitals in the UK were disabled as they scrambled to deal with this cyber infection. This ransomware also made its way to the US and into a couple of medical devices from well-known manufacturers. Thus far, it appears that the risk was limited to some imaging functionality in a few pieces of radiology equipment. But it isn't hard to imagine that more sophisticated attacks could target specific devices that have a higher impact on direct patient safety.
Cyber security is just tamper resistance for our electronic medical devices.
Let’s talk about how we can help move your business forward.