Dr Levine is Practice Director, CCRM New York, and Attending Physician, Lenox Hill Hospital, New York. He has no conflict of interest to report with respect to the content of this article.
In late December 2016 the Food and Drug Administration (FDA) released its recommendations for how medical device manufacturers should protect and maintain the security of Internet-connected devices. The report strongly encourages device manufacturers to “address cybersecurity throughout the product lifecycle, including during the design, development, production, distribution, deployment and maintenance of the device.”1 The FDA’s concern is that “exploitation of [networked devices’] vulnerabilities may represent a risk to health” given that many patients and practitioners depend on the data and function of these devices for patient care.
In short, the FDA is concerned that devices such as pacemakers and insulin pumps could be held hostage by cyber-terrorists.
In 2015, the FDA issued a warning that Hospira Inc’s Symbiq intravenous infusion system had a security vulnerability that could allow cyber attackers to take remote control of the system by accessing a hospital’s network.2
Although no cases of pump-hijacking were reported, the FDA strongly encouraged healthcare facilities to stop using the Symbiq system and switch to other devices. However, it warned that the devices were likely still available through third-party vendors and that consumers should avoid the product.
The implications of asking a clinic, hospital, or other facility to discontinue using a device are significant. For example, Symbiq had a “connected” library that kept the device up to date and safeguarded against accidental overdoses. The FDA document regarding the pumps states, “Disconnecting the affected product from the network will have operational impacts. Disconnecting the device will require drug libraries to be updated manually. Manual updates to each pump can be labor intensive and prone to entry error.”2 The transition to a new device is therefore costly not only because it requires buying new equipment, but also because it requires countless hours of in-service training, a cost that is almost insurmountable because its effect on patient care is difficult to estimate.