Medical device cybersecurity is not just whispered about at hacker conferences or in regulatory meetings – the issue resonates with some of the largest medical device industry players, including Medtronic CEO Omar Ishrak.
The hackability of medical devices is on Ishrak’s radar and Medtronic is working on ways to enhance security, Ishrak told MassDevice.com at the AdvaMed industry conference in Boston this week.
"It’s a high priority for us," he said. "We need medical devices to be more secure but also internal corporate systems to be more secure."
As the largest pure-play medical device maker in the world, Medtronic has been one of the few companies targeted by security experts looking to make a point about medical device vulnerabilities.
In 2008, when a team of researchers from MIT first demonstrated that implanted medical devices may be susceptible to hacking, they did so by infiltrating a Medtronic defibrillator.
Last August, when a computer security expert hacked his own insulin pump live on stage during a conference in Las Vegas, it was a Medtronic insulin pump that he wirelessly accessed and controlled.
The growing clamor around medical device hacking and vulnerabilities of wireless communication did not escape the company’s attention. Last October Medtronic announced that it had hired tech security giant Symantec to investigate cybersecurity in its medical devices.
"It’s something that we’re working on and at the same time we’re cognizant that we need to work with others," Ishrak told us when we caught up with him in Boston. "There’s a lot of innovation in this area, a lot of fast-moving innovation, and we just need to be on top of the dynamics."
Concerns over medical device cybersecurity also got the attention a trio of U.S. House members, who spurred an investigation by the Government Accountability Office.
Released last week, the GAO report called for more cybersecurity oversight of medical devices, urging the FDA to take stock of its resources and boost efforts to review medtech software for potential vulnerabilities.
The GAO warned, however, that some security efforts may require compromises in medical device reliability, especially in terms of battery life.
Ishrak rejected that idea.
"We’re never going to compromise quality, safety and reliability," he said. "We have to use innovation to work around that."