FDA and Rethinking Medical Device Approvals

There was an interesting story in today's Boston Globe. It appears that there are significant security gaps in "implanted devices that help regulate heartbeats and use wireless technology."

Dr. William H. Maisel, director of the Medical Device Safety Institute at Beth Israel Deaconess Medical Center in FDA who led a research project into medical device security risks, says in the story:

"With some technical expertise, we were able to retrieve information from the device [built by Medtronic] in an unauthorized fashion. We were able to send commands to the device in an unauthorized fashion and could reprogram settings and even tell the device to deliver a high-voltage shock."

While Maisel says not to worry, that the technical expertise required to hack these devices is very high, how long do you think it will be before hackers actually are able to replicate what Maisel and his team of researchers were able to do?

Of course, medical device manufacturers like Medtronic don't really have to worry too much. Given the recent Supreme Court ruling on Class III medical devices, all they have to do is to add the risk to their warning label, get the FDA to approve it, and they are immune if their devices get hacked.