Potential Cyberattacks on Implanted Medical Devices Draw Attention

June 13, 2013


Worries over medical-device cybersecurity have largely focused on plugged-in equipment primarily used in hospitals, such as computed tomography scanners and heart monitors that are vulnerable to viruses traveling across medical networks.

But device experts say one of the most hair-raising prospects is that a willful cyberattacker might one day penetrate life-sustaining devices such as implantable defibrillators, pacemakers and wearable insulin pumps.

No instance of a cyberattack on an implantable device has been documented, security experts and officials said. But in a call to arms for device makers to focus on cybersecurity, U.S. Food and Drug Administration officials said the agency would nevertheless ask them to address security concerns in their applications for new-product approvals.

"There are theoretical vulnerabilities that have been identified in laboratories," said Bill Maisel, deputy director for science at the FDA's device unit. "It would require purposeful intent and a moderate amount of sophistication."