“Using a laptop computer to remotely tamper with a Web-enabled implanted medical device, such as a pacemaker, has the potential to be as deadly as using a gun in an assassination attempt, says Jason Lay, manager of cyberthreat information at the U.S. Department of Health and Human Services”
We have heard of IT devices and systems being hacked where hackers create havoc by taking full control of the system with a malicious motive such as blackmail and extortion. They lead on systems with viruses which destroy device functioning and malfunctions the whole system. Now seems like medical devices are not spared from the wrath of cybercriminals and hackers.
As time progresses, more and more healthcare devices are connected to the internet and make use of wifi and IOT technology. Devices such as pacemakers, implantable cardiac defibrillators, and insulin pumps are equipped with wireless connectivity and sensors, leaving a potential exposure for abuse by hackers. Patient data can be compromised and tampered with which lead to wrong diagnosis and mistreatment of patients leading to death. Cyberattacks and viruses could target an entire hospital network and destroy the entire infrastructure.
About 23% of all the recalls of medical devices between 2006 and 2011 were due to software-related problems, and 94% of those presented a medium or high risk of severe consequences for patients, including serious injury or even death, according to the reports published by WISE. This leads to hospitals spending billions of dollars for damage and device maintenance.
There needs to be security reform for these devices. Not only device manufacturers but hospitals and clinics should collaborate to establish certain guidelines and adopt methods to manage, monitor and protect these devices. A solid IT infrastructure should be developed to promote and advance cybersecurity to protect patient data and devices. FDA highly recommends that device manufacturers take cybersecurity into account when designing devices and continue to do so after the devices have been introduced. All these should be reported and tested before and after releasing into the market. FDA also, suggests that cybersecurity be free and updated to protect devices in and out of medical facilities.