FDA Approves Firmware Fix for St Jude Pacemakers

I am thrilled to see these patches approved and moving forward, but we need to reevaluate this process and create a scenario in which security issues can be addressed in a timely manner.

https://www.infosecurity-magazine.com/news/fda-approves-firmware-fix-for-st/

Advertisements

Schneier on Security – FDA Recommendations on Medical-Device Cybersecurity

I echo Mr. Schneier’s comments in that a non-binding recommendation has little value and even less influence.  That said, this is a necessary half-step in the right direction.  Human hackability is a real problem that needs and deserves real attention and real solutions.

https://www.schneier.com/blog/archives/2017/01/fda_recommendat.html

I am glad to see that St. Jude Medical and others are at least attempting to patch and address vulnerabilities in their products.

https://threatpost.com/st-jude-medical-patches-vulnerable-cardiac-devices/122955/

St. Jude Faces New Claim Heart Implants are Hackable

Threats and vulnerabilities associated with The Internet of Things (IoT) are not just focused on wireless cameras, home routers, and DVRs.  There are a myriad of life saving medical devices that communicate via some form of wireless protocol including insulin pumps, pacemakers, and spinal stimulators among others.  These devices, if compromised, can cause problems much larger than a simple DDOS attack.  A compromised medical device can lead to death.  Security must be taken more seriously for these devices in the immediate future.

https://threatpost.com/st-jude-faces-new-claim-heart-implants-are-hackable/121504/

St. Jude Faces New Claim Heart Implants are Hackable

Threats and vulnerabilities associated with The Internet of Things (IoT) are not just focused on wireless cameras, home routers, and DVRs.  There are a myriad of life saving medical devices that communicate via some form of wireless protocol including insulin pumps, pacemakers, and spinal stimulators among others.  These devices, if compromised, can cause problems much larger than a simple DDOS attack.  A compromised medical device can lead to death.  Security must be taken more seriously for these devices in the immediate future.

https://threatpost.com/st-jude-faces-new-claim-heart-implants-are-hackable/121504/

IoT Medical Devices: A Prescription for Disaster

This issue is of personal significance to me and my family.  I believe we must put the safety and privacy of patients at the forefront of any technological advance in medicine.  There does appear to be a disconnect in understanding for medical providers when it comes to new I0T devices.  Obscure is not the same thing as safe and secure.

https://threatpost.com/iot-medical-devices-a-prescription-for-disaster/119155/