Despite their fears, only 17% of respondents said they were taking ‘significant’ steps to prevent attacks and 32% of medical device manufacturers admitted that no one person or function in their organisation was ‘responsible for device security’.
This was only one of the strands of a growing sense of disquiet about connectivity being designed in without appropriate levels of security being put alongside.
Now the recall by the US Food and Drug Administration (FDA) of some 465,000 pacemakers underlines those concerns. According to the FDA, ‘lax cybersecurity’ could allow the pacemakers to be hacked, forcing batteries to run down or the patient’s heartbeat altered.
Commenting, Cesare Garlati, the prpl Foundation’s chief security strategist, said: “With the IoT, the main cause for concern is security. IoT has developed rapidly and is now being used in all facets of life, which is why improvements in security need to be made now, especially when lives depend on IoT medical devices. Failure to do so will lead to catastrophic results. Healthcare organisations need to ensure that security requirements are being met in the technology used.”
Apparently, there are no known instances of someone’s pacemaker being hacked, but a patch has been developed and patients will have to visit their doctor to have the software in their device updated.* Device security will be the subject of a panel discussion at the forthcoming Electronics Design Show Conference. For more information, click here.