It’s no joke — hackers can cause pacemakers to deliver life-threatening shocks.
It is not exactly news, either. For years, the federal government has told medical facilities to abandon devices vulnerable to hacking.
The real shocker is that doctors have continued to implant such devices into patients’ chests. It’s about the failure to update.
Researchers said they alerted medical device maker Medtronic about hacking vulnerabilities in January 2017. At a conference this week, they demonstrated how to hack a device doctors use to control pacemakers after they are implanted.
Billy Rios and Jonathan Butts said Medtronic’s device didn’t have encrypted updates, and they were able to run malicious firmware that most doctors could not detect. As a result, the implanted devices could increase the number of shocks sent to a patient’s heart.
Reporting on the issue, ArsTechnica reached out to Medtronic. A representative said the company had addressed the hacks and issued security bulletins.
That may be a relief, but it’s not a remedy — legally speaking.
Risk and Liability
Writing for FindLaw three years ago, Casey Sullivan reported that the Federal Drug Administration had called out the problem. Pacemakers, insulin pumps and other medical devices are vulnerable to hacking.
“Not only are the hackable medical devices a risk to patients, they’re also a potentially huge liability to medical companies — and perhaps a boon to malpractice lawyers,” he said.