For years, pacemakers have been used to help patients with heart conditions while also assistant doctors with keeping tabs on these patients. They are a well-known tool used for saving lives and every year they get more and more advanced. The devices are now so cutting edge that they have the capability of sending a patient’s heart information directly to their doctor.
Unfortunately, the recent advancement in pacemakers have caused a whole lot of cybersecurity issues. The devices happen to be easy targets for well-trained hackers, who have been known to lace them with bugs, exposing a world of insecurities in medical devices.
Back in August, a batch of pacemakers ran out of battery power three months before they were supposed to, which led to at least two deaths. When U.S. Officials got wind of this news, they launched an investigation. Evidently, the affected devices had a rare defect that made them die a lot earlier than expected. The investigation, which has been going on for five months now, gave the FDA a lot of answers and they soon issued a 30 page guide that included the devices’ many security flaws.
It turns out that pacemakers aren’t the only life-saving devices that have have been vulnerable to cyber security issues. Imaging systems and insulin pumps are also among the devices that have been hacked. On Tuesday, the U.S. government announced rules for addressing these issues. These allegations clearly conclude that there is a need for clarified rules on identifying the impact of these vulnerabilities in medical equipment.“Cybersecurity threats are real, ever-present and continuously changing,” said Suzanne Schwartz, a senior Food and Drug Administration official who helped draft the new rules. “And as hackers become more sophisticated, these cybersecurity risks will evolve.”
This isn’t the first time that the FDA has been grappling with such issues. In fact there was a rise in research on these life-threatening security bugs for several years due to the suspects known as ‘white hat hackers,’ who made it their mission to bug the devices.
And while the FDA issued a guidance on how manufacturers should address cyber security when developing new products in 2014, they failed to provide rules that covered the equipment that was already on the market, instead focusing on the brand new inventions.
The FDA did however, put a stop to the use of Hospira Inc’s infusion pumps in 2015, because its cyber vulnerability could cause hackers to take control of the system.
“There is greater clarity for manufacturers, patients and hospitals,” said Josh Corman, an expert on medical device security who is director of the Atlantic Council’s Cyber Statecraft Initiative. “All digital devices using some sort of connection to outside device, RF, Bluetooth and wifi are open to hacking. All security can and will be bypassed in time but that just means all devices should be made as secure as possible from the start, especially those with life altering connections.”
“Why on earth would something as simple as a pace maker be hackable? It can’t require updating, it’s so simple.”