HACKED MEDICAL DEVICES make for scary headlines. Dick Cheney ordered changes to his pacemaker to protect it from hackers. Johnson & Johnson warned customers about a bug in one of its insulin pumps last fall. And St. Jude has spent months dealing with the fallout of vulnerabilities in some of the company’s defibrillators, pacemakers, and other medical electronics. You’d think by now medical device companies would have learned something about security reform. Experts warn they haven’t.
As hackers increasingly take advantage of historically lax security on embedded devices, defending medical instruments has taken on new urgency on two fronts. There’s a need to protect patients, so that attackers can’t hack an insulin pump to administer a fatal dose. And vulnerable medical devices also connect to a huge array of sensors and monitors, making them potential entry points to larger hospital networks.