In a popular television series, a terrorist hacks into the Vice President’s pacemaker software causing it to malfunction and kill him. Is this a real risk, or are we just watching too much television? Well, several government officials are taking the risk seriously.
The FDA and ICS-CERT (a liaison organization between private industry and Homeland Security) both published warning notices on the same day this month. Myriad medical devices and surgical devices contain firmware “backdoors” with passcodes that are relatively easily obtainable. These passcodes and backdoors are used by maintenance and service technicians and could allow access to the device’s critical settings or permit modification to its firmware. So the risk is, arguably, real. But the good news is we haven’t heard of any real examples of this hacking actually taking place. And, now that we understand the risk exposure, device manufacturers can redesign the devices and firmware with better security. Also good news: generally speaking the insurance industry’s standard product liability policy should cover this type of loss. But, if you are a medical device manufacturer, expect more questions about device security on your next renewal application.
|This post was part of our SPOTLIGHT ON CYBER: Is Any Industry Safe?, published June 25, 2013. The feature also included these other risks:|