Security

The FDA doesn't want your pacemaker to get hacked

The US Food and Drug Administration finalizes cybersecurity guidelines and recommendations to protect connected medical devices.

artificial-pacemaker.jpg

The FDA advises manufacturers to create an action plan to improve the cybersecurity of medical devices like artificial pacemakers.

Getty Images/Science Photo Library RM

Whether it's cars or frying pans, more and more things are connected to the internet. While this adds a level a convenience and control to everyday items, there is also an increased vulnerability for things to be hacked.

The US Food and Drug Administration recognizes this threat as a possibility for internet-connected medical devices and advises manufacturers to take precautions now on how to handle future threats.

"In today's world of medical devices that are connected to a hospital's network or even a patient's own internet service at home, we see significant technological advances in patient care and, at the same time, an increase in the risk of cybersecurity breaches that could affect a device's performance and functionality," Suzanne Schwartz, associate director for science and strategic partnerships, said in a blog posted Tuesday on the FDA website.

To address this threat, the FDA recommends that manufacturers have processes to detect possible vulnerabilities within their devices and develop a plan to release firmware updates to patch such weaknesses before a patient is harmed.

The guidelines focus on action plans manufacturers can take after a medical product has been released. The FDA published a set of earlier guidelines in October 2014 for ways manufacturers can design stronger cybersecurity protection into future medical devices. And the FDA promises to continue to advise manufacturers on cybersecurity moving forward.

Schwartz writes, "This is clearly not the end of what FDA will do to address cybersecurity. We will continue to work with all medical device cybersecurity stakeholders to monitor, identify and address threats, and intend to adjust our guidance or issue new guidance, as needed."