Hacked off
With the news that the FDA has called for healthcare facilities to stop using Hospira’s Symbiq Infusion systems because of its ability to be hacked, it seems cyber security has become a key issue for medical device manufacturers
Many device businesses are aware of the risk of cyber attacks pose on their products and have been working to counter vulnerabilities. However, with the news that the FDA is advising against the use of certain products, the story is taking a whole new turn.
As we see an increase in medical devices such as IV pumps, insulin pumps and pacemakers being connected wirelessly to improve remote monitoring for doctors, this also means a potential increase in hackers.
The FDA cited research from independent cyber security expert Billy Rios who concluded that patients could be at risk of remote attacks by someone accessing the hospital network. He highlighted the ease with which hackers could log in to a device without a username or password, allowing them to operate the device and change its settings. A high profile example of this in the US was former vice president Dick Cheney who found his pacemaker function had been disabled.
A recent article in US publication, The Star Phoenix, quoted David Kleidermacher, chief security officer at Blackberry. He said that currently it’s not illegal for device manufacturers to claim that the security of their product is as good as it can be, when this might not be the case. He is quoted as saying:
“Can you imagine if it was legal for them to say that about safety? You can’t do that . . . But in the security world, they could say that and it would be absolutely legal.
“That infusion pump manufacturer can make that claim. This is a problem.”
While of course, this is a problem, it is one that needs to be addressed, not just highlighted. The rise in the digital health market has been well documented. In the UK, the NHS faces incredible strain as we see an increase in obesity-related illness such as diabetes, for example. The use of remote monitoring or drug administering devices eases burden for both the patient and the healthcare professional. Technological advancement is always welcome and we should be wary of pointing the finger at device manufacturers without entering into meaningful dialogue on the path the industry needs to take.
Blackberry is apparently part of a group that is apparently looking in to security standards for medical devices and how to protect against cyber attack. It will be interesting to see the results of this and how medical device manufacturers can tap into their findings.