Many people are implanted with medical devices every year that allows them to live longer, more active, and productive lives, which devices are controlled by computer chips that tell the devices how to function and behave. Some of these implantable medical devices help control the rhythm of the heart and deliver an electrical shock to convert to a normal rhythm if an abnormal rhythm is detected. These devices determine when, how often, and how large of an electrical shock is delivered to the patient. Other medical devices deliver the appropriate dose of insulin or other medications to patients as necessary.
If these medical devices malfunction, the patient can be harmed, sometimes fatally. Therefore, it is imperative that implantable medical devices be made invulnerable to hacking or other cyber attacks that cause mischief and may harm patients who rely on the devices.
A large manufacturer of medical devices, St. Jude Medical, Inc., announced on October 17, 2016 that it is forming a Cyber Security Medical Advisory Board (“CSMAB”) to advise it regarding cyber security standards and risks relevant to the medical devices it manufactures. In announcing the formation of the CSMAB, the Chief Medical Officer of St. Jude Medical, Inc. stated, “Our mission is to deliver innovative technologies that save and improve lives. We take the cyber security of our devices very seriously and creating the Cyber Security Medical Advisory Board is one more demonstration of our ongoing commitment to advancing standards of patient care around the world without comprising safety and security.”
Are Cyber Threats To Medical Devices Real?
One potential example:
About 114,000 patients use the Johnson & Johnson Animas OneTouch Ping insulin pump system in the United States and in Canada. The Animas OneTouch Ping system is sold with a wireless remote control that patients use to order the pump to dose insulin so that patients do not have to access the device itself.
Earlier this month, Johnson & Johnson reportedly sent letters to inform diabetic patients regarding the risk that hackers may pose to such devices. If a hacker is able to spoof the communications between the OneTouch Ping insulin pump and the remote control (the communications between the device and remote control are not encrypted and therefore could be intercepted and repurposed to enable different commands), a potentially fatal dose of insulin could be delivered. The chief medical officer for Johnson & Johnson’s diabetes unit reported that company technicians were able to confirm that a hacker could order the pump to dose insulin at a distance of up to 25 feet, according to reports.
The possible future:
Medical device manufacturers in the United States and elsewhere may face lawsuits if their devices are vulnerable to cyber hack and patients using their devices suffer harm as a result of a cyber attack.
If you or a loved one suffered harm due to a defective medical device, you should promptly consult with a medical device claim lawyer in your U.S. state who may investigate your defective medical device claim for you and represent you in a claim against a medical device manufacturer, if appropriate.
Visit our website to find medical device lawyers in your state who may assist you.
Turn to us when you don’t know where to turn.