FDA Wants Pacemakers Immune To Hackers
- comments
Yes, pacemakers can be hacked. Modern day medical devices are Internet-enabled and this leaves them vulnerable to cyber attacks from even low-level hackers. Med-Sec, a medical security agency claims to have performed simulated cyber attacks on pacemakers and have succeeded in draining the battery of one instrument while causing another to beat abnormally fast.
This vulnerability is a serious concern for the FDA. In an answer to this problem, FDA has issued certain guidelines to increase the security of pacemakers and other such implanted medical devices. A few important guidelines according to FDA's Postmarket Management of Cybersecurity in Medical Devices Final Guidance published on 28th December 2016:
- Devices should be analyzed for exploitability and the extent to which a cyber attack can affect a patient.
- After the product is put to use, software patches should be readily made available as and when new vulnerabilities are detected.
- Vulnerability handling processes should be built into the device and the same should be communicated to its users.
- Appropriate mechanisms for quick response to vulnerability reports should be installed.
- Users should be informed about the safe practices and limitations considering cyber-security of their device.
- Strick software validation protocols should be enforced to eliminate vulnerability in the operating system of the device.
These guidelines if enforced properly will serve to make medical devices more immune to cyber attacks. But these guidelines are not the complete solution. Companies manufacturing such devices have to work in accordance with these guidelines to ensure a secure product to their patients. Although medical devices will never be hundred percent immune as new vulnerabilities crop up every day, the FDA allows devices to enter the markets as long as their benefits to the patients are substantially higher than the risks they pose.
According to the FDA website's Cybersecurity section, the FDA has been engaged in continual efforts to optimize the security guidelines since 2013. And though these are gradual steps in the journey to immune medical devices, the FDA seems focused and dedicated to the goal.