You have most likely heard of the massive data breaches which have exposed the personally identifiable information about millions of Americans. People worry about identity theft in the wake of these breaches, but maybe they need to be more aware of the risk of hackers gaining access to connected medical devices. The U.S. Food and Drug Administration (FDA) confirmed that St. Jude-Medical’s implantable cardiac devices can be hacked. These implanted devices monitor and control a patient’s heart function, and can prevent heart attacks. A patch was developed, however, and when patients connected their device to the proper network, they received an update to their software that can protect them. Thankfully, no patients were harmed because of the device’s vulnerability.
What are the potential vulnerabilities of connected medical devices?
If you think about your home WiFi network, all your family’s smart phone, laptops, security cameras, smart TVs and any other Internet-ready devices are connected to the Internet wirelessly. If a hacker was to breach your home network’s firewall, they could gain access to any of the devices on that network with vulnerabilities. Some medical devices are “connected,” which means that they can be accessed remotely through a network. This allows doctors to monitor the device, and make changes as needed. If these connected devices do not contain adequately robust security, hackers could potentially gain access to the device and cause patient’s harm.
What is the FDA’s role in medical device cybersecurity?
In an article on the FDA blog, Suzanne Schwartz explains the FDA’s role in medical device cybersecurity. She referred to the global cyber-attacks in 2017, which included WannaCry and Petya/NotPetya cyber-attacks, which involved the unleashing of ransom ware and demands of payments to restore computer networks and crucial files. In response to these threats, Schwartz recommends taking a total product lifecycle approach, from product design where security is built in to foil potential risks followed by having a plan in place to manage any risks that might emerge and creating a plan for how they might reduce the likelihood of future risks.
The FDA is working with the public to dispel myths about medical device cybersecurity by sharing facts. They will continue to work with manufacturers in the medical device industry and with other federal agencies to ensure the safety and effectiveness of medical devices against cybersecurity threats.
In their article on cybersecurity, the FDA recommends that medical device manufacturers and health care facilities take steps to ensure appropriate safeguards. Manufacturers, says the FDA, are responsible for being vigilant about identifying risks and hazards associated with their medical devices, including risks related to cybersecurity. Manufacturers are responsible for putting appropriate mitigations in place to address patient safety risk and ensure proper device performance. The FDA also recommends that hospitals and health care facilities should evaluate their network security and protect their hospital systems.
If you or someone you care about has suffered an injury from a defective medical device, a skilled products liability lawyer from Merkel & Cocke is ready to help.
At the law firm of Merkel & Cocke, we serve clients from our offices in Jackson and Clarksdale. We represent clients throughout Mississippi and the Gulf Coast Region, and we also handle cases in Tennessee, Arkansas, and in federal courts in all three states. You may call us at 662-799-1633 or complete our contact form to schedule your free initial consultation today.