The Federal Bureau of Investigation (FBI) recently issued a warning regarding
the cybersecurity risks associated with the Internet of Things (IoT).
The agency specifically highlighted the need to safeguard medical devices.
The IoT refers to devices that connect to the Internet to automatically
send and/or receive data. Examples include fitness devices, “smart”
appliances, automated thermostats, and security systems.
According to the FBI, deficient security capabilities and difficulties involved with patching
vulnerabilities in IoT devices, as well as a lack of consumer security
awareness, provide cybercriminals with opportunities to exploit these
devices. Once the malicious actors gain access to the devices, they can
steal personal information, send malicious emails, render the device inoperable,
or even cause physical harm.
With regard to medical devices, criminals can gain access to unprotected
devices used in home health care, such as those used to collect and transmit
personal monitoring data or time-dispense medicines. “Once criminals
have breached such devices, they have access to any personal or medical
information stored on the devices and can possibly change the coding controlling
the dispensing of medicines or health data collection,” the FBI warns.
As we discussed on this blog, hospitals are also at risk. The U.S. Food
and Drug Administration (FDA) recently issued a specific
warning regarding a computerized pump designed to continuously deliver medication and fluids. According to the
FDA, the Hospira Symbiq Infusion System can be accessed remotely through
a hospital’s network, which could allow an unauthorized user to
control the device and change the dosage the pump delivers.
The FBI alert provides a number of recommendations for mitigating the cybersecurity
risks for IoT devices. For patients, the agency recommends becoming familiar
with the capabilities of any medical devices prescribed for at-home use.
If the device is capable of remote operation or transmission of data,
it could be a target for a malicious actor.
If you or someone you care about has suffered serious harm due to unsecure
or otherwise defective medical device, don’t hesitate to contact
a San Diego product liability lawyer at the Law Offices of Robert Vaage
for a free consultation.