The FDA doesn't want your pacemaker to get hacked

The US Food and Drug Administration finalizes cybersecurity guidelines and recommendations to protect connected medical devices.

Patrick Holland Managing Editor
Patrick Holland has been a phone reviewer for CNET since 2016. He is a former theater director who occasionally makes short films. Patrick has an eye for photography and a passion for everything mobile. He is a colorful raconteur who will guide you through the ever-changing, fast-paced world of phones, especially the iPhone and iOS. He used to co-host CNET's I'm So Obsessed podcast and interviewed guests like Jeff Goldblum, Alfre Woodard, Stephen Merchant, Sam Jay, Edgar Wright and Roy Wood Jr.
Expertise Apple, iPhone, iOS, Android, Samsung, Sony, Google, Motorola, interviews, coffee equipment, cats Credentials
  • Patrick's play The Cowboy is included in the Best American Short Plays 2011-12 anthology. He co-wrote and starred in the short film Baden Krunk that won the Best Wisconsin Short Film award at the Milwaukee Short Film Festival.
Patrick Holland
2 min read

The FDA advises manufacturers to create an action plan to improve the cybersecurity of medical devices like artificial pacemakers.

Getty Images/Science Photo Library RM

Whether it's cars or frying pans, more and more things are connected to the internet. While this adds a level a convenience and control to everyday items, there is also an increased vulnerability for things to be hacked.

The US Food and Drug Administration recognizes this threat as a possibility for internet-connected medical devices and advises manufacturers to take precautions now on how to handle future threats.

"In today's world of medical devices that are connected to a hospital's network or even a patient's own internet service at home, we see significant technological advances in patient care and, at the same time, an increase in the risk of cybersecurity breaches that could affect a device's performance and functionality," Suzanne Schwartz, associate director for science and strategic partnerships, said in a blog posted Tuesday on the FDA website.

To address this threat, the FDA recommends that manufacturers have processes to detect possible vulnerabilities within their devices and develop a plan to release firmware updates to patch such weaknesses before a patient is harmed.

The guidelines focus on action plans manufacturers can take after a medical product has been released. The FDA published a set of earlier guidelines in October 2014 for ways manufacturers can design stronger cybersecurity protection into future medical devices. And the FDA promises to continue to advise manufacturers on cybersecurity moving forward.

Schwartz writes, "This is clearly not the end of what FDA will do to address cybersecurity. We will continue to work with all medical device cybersecurity stakeholders to monitor, identify and address threats, and intend to adjust our guidance or issue new guidance, as needed."