The FDA is taking public comment right now on guidelines it’s proposed to make medical devices — things like implanted pace makers and insulin pumps — safer. Specifically the agency wants manufacturers to improve the cybersecurity of these devices. Wireless interference from hackers can have potentially deadly consequences.
Maybe you remember the little scene from the show “Homeland,” in which a terrorist hacks into the vice-president’s pacemaker. His heart goes haywire, and the guy dies.
Paul Castellanos, a surgeon at the University of Alabama at Birmingham, remembers watching the episode and thinking, ‘No way.’
“I just didn’t believe that that was possible,” he says. “Subsequently I have researched the issue, and I found I was wrong. “
Thing is, a lot of pacemakers are controlled remotely. And as with a lot of wireless-enabled devices, they can be hacked pretty easily.
“I suspect that most doctors assumed it was not possible to render these devices dangerous, and I was truly shocked that that wasn’t the case,” Castellanos said.
He was surprised mostly because the FDA has to certify that all medical devices are “safe and effective.”
The FDA said this week it’s aware of dozens of cybersecurity incidents affecting hundreds of devices. But that as far as the agency knows, no patients have been harmed.
Still, the FDA recently put out new guidelines requiring manufacturers to keep their devices safe from cyber attacks. The medical device industry is worth more than $300 billion. Manufacturers might have to make lots of changes to their products to protect against hacking.
“Getting it to work under normal conditions is about 20 percent of the job. Eighty percent of the job is looking at it and thinking ‘What are all the ways that something could screw the system up, either consciously or maliciously?'” says Jim Horton, an engineer at Biotronik, which makes pacemakers and implanted defibrillators.
But even companies like Biotronik say working with cutting edge technology and protecting against the latest threats is a constant balancing act.