More safety: this is the dead order of the recommendations of the United States Medicines Agency. She invites pacemaker manufacturers to be more proactive.
A pacemaker disabled due to a cyber security breach. It may sound futuristic. And yet, a vice-president of the United States had no choice: Dick Cheney did not reactivate the cardiac device until after his mandate, in 2009. He made the announcement four years later. Staggering the world by the way. The politician thus wanted to avoid any risk of piracy with potentially fatal consequences.
This reality, the United States Food and Drug Administration (FDA) has recognized. Medical devices that help the heart perform its vital function are exposed to hackers. This December 28, she therefore publishes her recommendations for manufacturers of medical devices.
Correct flaws upstream
Each year, 60 to 70,000 pacemakers are implanted in France. These devices are vital for patients: they help the heart beat at the right rate with the help of electrical stimulation. An effective method, but not without risk. Indeed, it works most often wireless. “We are experiencing great technological advances,” admits the deputy director of the Department of Science and Strategic Partnerships on the FDA blog. At the same time, the increased risk of security breaches could affect the performance and operation of devices, ”adds Suzanne Schwartz.
The Agency’s recommendations encourage manufacturers to be proactive in this area. They ask manufacturers to set up control and security systems from the development stage. After placing on the market, monitoring should continue. In the eyes of the FDA, two priorities are defined. They are dependent on each other: assess possible vulnerabilities – and rectify them if necessary – and introduce a way to correct vulnerabilities before they are exploited.
Other risky devices
“Cyber security threats are real, permanent, and constantly changing,” recalls Suzanne Schwartz. A former hacker showed it well, during a computer security congress in 2014. He managed to hack several devices in a row. This risk extends to other medical devices than the pacemaker. Newer insulin pumps, for example.
The Johnson & Johnson laboratory recently paid the price. Its product is equipped with a wireless control, supposed to bring more comfort. But the exchanges between the pump and the control are neither encrypted nor scrambled. A hacker within 762 meters of a pump can increase the dose of insulin delivered. Such an action would therefore cause hypoglycemia, which can prove fatal for a fragile patient.
The imminent marketing of artificial pancreas should raise similar problems.
.
