Bring An Equalizer to the Fight. Choose a Firm That Was Created to Advocate for Victims.

FDA Taking Steps to Improve Cybersecurity of Medical Devices

The U.S. Food and Drug Administration (FDA) recently announced that it is moving forward on efforts to strengthen the cybersecurity of medical devices. While pacemakers, defibrillators, and insulin pumps seem like unlikely targets for hackers, a security breach could have drastic consequences.

According to the FDA, its concerns about cybersecurity vulnerabilities include malware infections on network-connected medical devices or computers, smartphones, and tablets used to access patient data; unsecured or uncontrolled distribution of passwords; failure to provide timely security software updates and patches to medical devices and networks; and security vulnerabilities in off-the-shelf software designed to prevent unauthorized access to the device or network.

Although no hacking attempts have been reported to date, researchers have recently shown how easily the security of medical devices can be compromised. Security researcher Jerome Radcliffe made headlines when he demonstrated how he could hack his own insulin pump at a 2013 security conference. Researchers at the Medical Device Security Center have also provided evidence that devices like pacemakers and defibrillators could be accessed remotely, allowing an attacker to transmit a fatal shock to a patient or shut down the device completely.

Given the potential threats, the FDA recommends that medical device makers address cybersecurity as part of the design and development of a product and submit documentation to the agency about the risks identified and controls in place to address them. The guidance also proposes that manufacturers submit their plans for providing patches and updates to operating systems and medical software.