Hacking healthcare: Would we know if a medical device was hacked?

August 26, 2013 by Arezu Sarvestani

The absence of reported hacks on medical devices doesn't mean they aren’t happening, experts say, because there are no mechanisms in place to detect them.

How would we know if medical devices had been hacked?

The FDA has made medical device cybersecurity a high priority, even as it stresses that there have been no reported incidents of malicious medical device hacks or of patients harmed by a security-related issue.

But that assurance is based more on assumption than fact, experts say. And other evidence gathered in real-world healthcare environments suggests that the lack of cybersecurity reports at the FDA is more suspicious than comforting.

"I think we're making a reasonable assumption that [malicious hacking] hasn't happened, but it's not based on any empirical evidence one way or the other," Codenomicon medical security global director Mike Ahmadi told MassDevice.com in an in-depth interview. "It may have happened."

Sign up to get our free newsletters delivered right to your inbox.

Experts like Ahmadi, whose company is helping to provide the tools for the FDA's newly announced "cybersecurity lab," temper their remarks by explaining that the risks of a medical device hack pale in comparison to the devices' life-saving benefits. But they also want patients to be aware of the risks, however small they may prove to be.

"I hear this argument all the time, from vendors especially, that it hasn't happened yet, that it isn't really a security concern," medical device hacker and cybersecurity expert Jay Radcliffe told us after his recent presentation at the Black Hat cybersecurity conference in Las Vegas. "Does that mean we should just ignore it?"

Absence of evidence is not evidence of absence

Comments

Features

Blame the medical device tax and the U.S. regulatory environment for the slump in investment in early-stage medical technologies, Silicon Valley Bank's Ben Johnson tells MassDevice.com.

Halyard Health, the publicly traded, $1.6 billion spinout of Kimberly-Clark's medical device business, is slated to go live in November, soon-to-be COO Chris Lowery tells MassDevice.com.

David Green tells MassDevice.com about the decision to split Harvard Bioscience and Harvard Apparatus Regenerative Technology, his choice to move over to the new entity and why regenerative technologies are poised to transform medicine.

Medtech veteran Dave Johnson has been with Alliqua Biomedical for less than 2 years, during which time he's overseen a major hiring spree, 3 business development deals and the company's 1st acquisition. In an interview with MassDevice.com, Johnson talks about his step-by-step perspective and where he hopes Alliqua will be in 5 years.

MassDevice.com brought together 4 of the most influential leaders in medtech to discuss the future of the industry on July 15, 2014 at DeviceTalks Boston.