[News article] Could a wireless pacemaker let hackers take control of your heart?
Medical devices don’t get regular security updates, like smart phones and computers, because changes to their software could require recertification by regulators like the U.S. Food and Drug Administration (FDA). And FDA has focused on reliability, user safety, and ease of use—not on protecting against malicious attacks. In a Safety Communication in 2013, the agency said that it “is not aware of any patient injuries or deaths associated with these incidents nor do we have any indication that any specific devices or systems in clinical use have been purposely targeted at this time.” FDA does say that it “expects medical device manufacturers to take appropriate steps” to protect devices. Manufacturers are starting to wake up to the issue and are employing security experts to tighten up their systems. But unless such steps become compulsory, it may take a fatal attack on a prominent person for the security gap to be closed.
For more on privacy and to take a quiz on your own privacy IQ, see “The end of privacy” special section in this week’s issue of Science.
No comments yet.