06 Article Kent Kallsen Seal H1

Cyber security is a new spin on an old problem

When I read the headline that the FDA announced a voluntary recall of 465,000 pacemakers over safety concerns related to security vulnerabilities and the possibility of a device being hacked my first thought was, “I wonder if my Dad's pacemaker is part of this recall?”

If you haven't seen this story yet, the units in question are manufactured by Abbott (formally St. Jude Medical). Since my dad has a pacemaker, I reached out to him see if perhaps his pacemaker was part of the recall. If it was, I was very interested in his perspective. Would he consider going to a clinic to get the firmware upgrade a nuisance or a reassuring step that would boost his confidence that everyone has his safety and wellbeing in mind? Turns out, my father's pacemaker is from another manufacturer so no action required.

While this latest voluntary pacemaker recall illustrates that medical device manufacturers are taking cybersecurity seriously, there are other recent events that probably better demonstrate that the threat is real.

During the ransomware attack known as WannaCry from May of this year, it was widely reported that hospitals in the UK were disabled as they scrambled to deal with this cyber infection. This ransomware also made its way to the US and into a couple of medical devices from well-known manufacturers. Thus far, it appears that the risk was limited to some imaging functionality in a few pieces of radiology equipment. But it isn't hard to imagine that more sophisticated attacks could target specific devices that have a higher impact on direct patient safety.

Protecting for misuse is part of any holistic hazard analysis. Addressing cybersecurity is clearly in the forefront as devices get more sophisticated in their connectivity, which is meant to help with ease of use for both practitioners and patients but also opens up vulnerabilities.

While cyber security is just the latest vulnerability in the limelight, I'm old enough to remember the Tylenol cyanide poisoning murders in the early 1980s. The country was struck with fear after seven people died over three days from ingesting Tylenol laced with cyanide.

I was in middle school back then, but clearly remember the fear that was instilled from this terrible act. People were dying as a result of ingesting a medicine they had hoped would simply take away a headache or similar minor ailment. I don't believe the perpetrator/s were ever found, but the incident had a clear impact in our daily lives. It was the catalyst to pharmaceutical, food, and consumer product industries developing the tamper-resistant packaging we are accustomed to today.

Cyber security is just tamper resistance for our electronic medical devices.

06 Article Ami Design Shift H1
The shift to Physical-Digital design teams ... are you ready?
Theresa Emanuel was born in 1877, before electricity and cars. Back then outhouses, horse and buggy, candles, and quill pens were everyday parts of life.
06 Article Ken Life Cycle H1
Life cycle considerations in the age of software-enabled products
Increasingly, physical products leverage software to enable interesting features and deliver compelling differentiation.
Using the 5Ds of IoT for medical devices
I’m a fan of frameworks or techniques that help people understand our complex environment and reduce risk.
The role of user experience in product design
User Experience (UX) design in its most encompassing definition involves all aspects of the end-user interaction with a company, its products and services.
Interaction design beyond the screen
Connected devices blur some of the boundaries between hardware and software.
Finding simplicity in the complexity of the Internet of Things
The Solid Conference – Hardware, Software & the Internet of Things (solidcon.com), recently held in San Francisco, is touted as a revolutionary conference that goes beyond the Internet of Things.