Author(s): Raghu Gopal
This week, the US Food and Drug Administration (FDA) together with the Department of Homeland Security issued an official safety notice concerning implantable cardiac devices made by St Jude Medical. Some of St Jude's pacemakers and heart defibrillators contain a flaw that could be potentially dangerous to patients.
The problem isn't with the electronic devices but rather the security of the network through which caregivers can control them. These implantable medical devices from St Jude, which is now owned by Abbott Laboratories, communicate wirelessly via a two-way transmitter in the patient's home. The transmitter, in turn, shares the information with the responsible caregiver.
A third-party security firm discovered that the transmitter could be remotely hacked potentially allowing nefarious access to life-maintaining implanted devices, modifying its programming to deplete the battery, alter the pace or even issue shocks. The FDA stressed that there have been no known cases of hacks, but the fact that the possibility exists is concerning. Abbott has issued a patch to address the vulnerability.
In the same safety notice, the FDA highlighted the growing potential of exploitation. As medical devices become connected via the Internet, they become exposed to the same digital security problems as any other networked product. But these aren't just fitness trackers or smartphones. This type of hack could be far more disastrous.
We expect billions more devices will be hooked into the Internet in the coming years. Hack attacks are reported frequently, but mostly with limited consequences. Now that big ticket items such as automobiles and human organs are connected to the Internet and potentially exposed to hackers, it will be vital to ensure security. The market excitement surrounding the Internet of things shouldn't numb us to the growing risks associated with cyber-security vulnerabilities.