FDA: Make Medical Device Cybersecurity a Top Priority featured image

FDA: Make Medical Device Cybersecurity a Top Priority

by John DiGiacomo

Partner

Cyber Security Data Breach

 

At the end of December, the Food and Drug Administration (FDA) issued new guidance for medical device cybersecurity. The new guidance encourages medical device developers and producers to make cybersecurity of networked medical devices a top priority throughout the product development lifecycle. It did not take long after the issuance of this new guidance for medical device maker St. Jude Medical to develop and deploy a software patch to improve the cybersecurity of some of its remote monitoring systems for various medical devices that it manufactures. Specifically, St. Jude Medical developed patches for implantable pacemakers and defibrillators, according to TechNewsWorld.com.  

One specific product line St. Jude Medical took action to further improve the security of was Merlin@home wireless devices. These devices communicate remotely with implanted cardiac devices in patients. Some potential vulnerabilities were identified in the Merlin@home network connected devices that could allow a hacker to gain access to the device to change parameters of the implanted device. Concerns about medjacking were raised for the Merlin@home devices, as hacked devices could be controlled by hackers to administer inappropriate pacing (electrical stimulations to the heart).

With any medical device, there is always a risk to the patient, so the important question that is asked by designers, developers, manufacturers, and regulators is “does the benefit from this medical device outweigh the risks associated with the device?” The benefit of having a network connected implantable medical device is that the device can record and transmit important patient information to a physician or electronic medical record of the patient. The risk is that network connected devices are something that could be have by cybercriminals.

The patch developed by St. Jude Medical for the Merlin@home medical devices enhances security by adding an additional validation and verification step when establishing wireless communication between the device and Merlin.net network.  

Could Someone Really Hijack a Medical Device?

Hijacking a medical device is a real and tangible cyber security threat. Although it is possible to do so, no St. Jude Medical device associated with the Merlin@home product line has been hacked and no patients with these implantable devices have been harmed by medjacking. Most cyberattacks are financially motivated, and there is little financial gain in hijacking medical devices, which could explain why there are not many instances of this occurring. Nonetheless, medical device producers need to prepare against the real and looming cybersecurity threat posed by hackers.

Contact a Medical Device Cybersecurity Lawyer

Medical device companies and healthcare systems need to be aware of the cybersecurity threats that are likely to affect them, their business, and their customers. Medjacking is one of the newer types of cybersecurity threats, but as technology and hacking techniques advance, medjacking could become more commonplace. Revision Legal works with companies to help manage cybersecurity issues and the aftermath that follows a cybersecurity breach. Contact the experienced health care data breach lawyers at Revision Legal. Please feel free to reach out to us today. Contact us using the form on this page or call us at 855-473-8474.

Image credit: Congress Check

Extra, Extra!
Recent Posts

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Copyright

The holders of copyrights for newspapers, magazines, books, and other publications are involved in numerous legal battles with owners of AI modules over alleged copyright infringement. The plaintiff copyright owners claim that the AI large language modules have been trained on huge quantities of copyrighted materials without permission and — most importantly — without payment. […]

Read more about Does the AI-Copyright Legal Fight Represent a National Security Threat?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Corporate

The owners of most small, closely-held businesses negotiate and sign some form of an “Owner’s Agreement.” An important part of such Agreements is the “Buy-Sell” provisions. These are often some of the most difficult to negotiate. The gist of the buy-sell part of the Owners’ Agreement is to establish the rules for what happens if […]

Read more about How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Status on Social Media Moderation Statutes and Cases

Status on Social Media Moderation Statutes and Cases

Internet Law

Social media content moderation by technology platforms was one of the “hot” legal topics in 2023-2024. Three States — California, Texas, and Florida — passed different statutes to either require more content moderation (California) or to limit such moderation (Texas and Florida). All the statutes, in one way or another, demanded more transparency and information […]

Read more about Status on Social Media Moderation Statutes and Cases

Put Revision Legal on your side