FDA, Industry Fear Wave Of Medical-Device Hacks

The Food and Drug Administration (FDA), along with many other medical industry leaders, has begun to address the potential problem of hackers interrupting personal medical devices. Many new medical devices, such as insulin pumps, pacemakers and similar devices, work off of Wi-Fi signals that could be subjected to hackers. This could potentially mean that millions of people are at risk of being harmed in any type of hacking event.

The problem is very real to the medical industry; enough so that when former Vice President Dick Cheney had a pacemaker installed the device was altered so that the Wi-Fi signal was blocked to protect the VP from harm.

Medical Records Are Continually Breached

Over the last five years it is believed that almost half a billion medical records have been compromised. In 2014 alone, the Department of Health and Human Services acknowledged that over 113 million records were accessed through hacking events. While many believe that this information is only used to steal personal identity information for financial gain, it can also be used to gain specific information about medical devices being used by those individuals.

FDA, Industry Fear Wave Of Medical-Device Hacks

Tampering With Devices Is A Real Danger

In 2015 the FDA warned hospitals to discontinue using the Hospira Symbiq infusion pumps in their facilities. It had been discovered that these devices could be easily accessed through the hospitals network and dosages could be altered, harming patients. The scariest part of this recall was the admission by the FDA that hackers could access these devices by entering the medical facility system through a wireless printer.

Prior to this incidence, in 2013, Barnaby Jack, a well-known hacker announced that he was able to access the programing in pacemakers. He claimed that these devices could be easily breached and that he could stand within 50 feet of a person and access their device. Jack planned to reveal his technique at a hacker convention in Las Vegas but died the night before the event. It is unknown if his technology survived.

The ability of hackers to access medical devices in and outside of a hospital setting could be used for many illegal purposes. Hackers could use this technology to stage a terror attack, seek blackmail, or for-hire killings. The potential list of illegal actions is too long, and too terrifying to even consider.

What Is Being Done

At this time, the FDA and many major medical companies are trying to determine the best strategy to make these devices safe for use and to protect those who already have these devise installed.

The Department of Health and Human Services is trying to establish a type of incentive for manufacturers to actively report any breaches in their systems. It is their belief that at this time, manufacturers are too worried about their reputations and profitability to accurately report hacking events. A spokesperson for HHS has stated that incentives will be required to protect these companies and allow true reporting to occur.

On the other hand, the FDA has stated that these manufacturers have an obligation to produce equipment that is safe and can remain safe through its lifecycle. If this means finding a way to continually upgrade the programing of these devices with anti-malware programing and security protections, then it must be accomplished.

Overall, there is a real threat when any individual is equipped with a Wi-Fi medical device. Precautions must be taken by the medical industry, the government, and by individuals themselves.

Mark Sadaka fromĀ Pharma Watch Dog, the leading Drug Injury Lawyer, has a national practice and works with clients from New York to Alaska.