As the use of connected biomedical devices increase, so does the risk of a hack of those devices.
Many biomedical devices in use today, including pacemakers and insulin pumps, are wireless and capable of connecting to the internet. As such, they are susceptible to software vulnerabilities which could allow hackers to gain access to any data or information contained within it or, worse, control the device’s operation (for example, changing the dose of insulin or the patient’s heartrate). It is clear that such hacks could have fatal consequences, especially as often the end user has no control over the device. This threat was real enough even in 2013 when a former US vice president had the wireless connectivity in his pacemaker turned off in 2013.
The Food and Drug Administration (FDA) in America and the British Medical Journal have warned multiple times of such software vulnerabilities and the threat of hacks. In 2018, the FDA recalled nearly half a million pacemakers and, more recently, it identified nearly a dozen such vulnerabilities in operating systems that run third party software used in many biomedical devices.
Although there have been no reports of devices being hacked in this way (outside the lab), patients should remain wary. As the number of patients opting for the convenience and utility of such devices increases, it follows that the risk of such hacks is also on the rise. Given this, we expect to see more pressure on manufacturers to embed a higher level of security in devices, including stronger authentication mechanisms, and for manufactures to react effectively to new vulnerabilities as they are discovered. We also hope to see further education of medical professionals and patients around the potential risks and signs of remote tampering.
Many implantable devices, probably virtually all of them, have some sort of security vulnerability or potential vulnerability, or haven't been designed with security in mind