Skip to main content

Your Medical Device May Work Fine, But Can It Be Hacked?

In recent decades, modern medical science has provided patients with numerous ways to extend life and make life more comfortable. New medical devices come on the market all the time, and even though many fail, many others work as intended without causing patients any harm.

In fact, many pacemakers now provide doctors with real-time data that allows them to monitor their patients’ condition more effectively using a wireless internet connection. You may have one of these devices and have peace of mind because your doctor can keep track of your condition to better control it. However, just as is the case with any other Wi-Fi enabled technology, your device may be vulnerable to hacking.

The danger

This type of depravity is not theoretical. It may be hard to believe that anyone would hack into a medical device and put someone’s life at risk. However, it has already happened. In addition, a hacker breached hospital infusion pumps using Wi-Fi technology in certain hospitals across the country.

If someone hacks into your doctor’s computers or directly into your device, that person could drain the pacemaker’s battery or crash it. You don’t need a medical or computer science degree to know that this could put your life at risk.

In 2016, a “smart” pacemaker developed by St. Jude Medical came under scrutiny from a cybersecurity research firm which believed that the security on the company’s pacemaker left patients vulnerable to this very scenario. Of course, St. Jude Medical denies that their devices are vulnerable to a cyber-attack, and other researchers agree. Even though evidence indicated that the research company made money by pointing out this potential flaw, it still raises valid concerns.

The government’s response

Federal agencies such as the U.S. Food and Drug Administration and the U.S. National Institute of Standards and Technology share those concerns. With a number of devices in addition to pacemakers now containing wireless internet connections for remote monitoring, the agency is doing its part to try to help ensure the safety of patients in which these devices are implanted.

The FDA provides guidance regarding cybersecurity needs for medical devices. NIST created a framework for cybersecurity to help address infrastructure issues to prevent hacking in many systems, including those used in medical devices. Even so, no program currently exists to assess the potential cybersecurity dangers for pacemakers.

Some believe that such a program needs creating and implementing to provide patients and doctors with some measure of safety and confidence. In 2016, the Diabetes Technology Society created a security assessment program for insulin pump controllers that could have applications to other medical devices such as pacemakers.

The bottom line

In this technological age, manufacturers of medical devices using “smart” technology need to be held accountable if their devices cause harm to patients. If your pacemaker or other medical device monitors via a wireless connection is hacked, you may suffer significant harm.

Under these circumstances, you retain the right to file a claim against the manufacturer of the device, along with others, seeking compensation for your injuries.