The recent revelations by cyber security experts regarding the significant vulnerabilities of medical devices to so-called “MedJack” attacks have prompted the FDA to take proactive measures. This article highlights the issue of medical devices and cybersecurity, addresses the comprehensive regulatory response, and evaluates the impact upon the medical device industry.
The medical device industry was somewhat taken by surprise when a well-known cyber security firm, TrapX, published a report in early 2015 documenting recent security breaches aimed at obtaining private and confidential medical information.7 TrapX branded these attacks as “MedJack” or medical device jack.8 The report also highlighted the existence of an “extensive compromise of a variety of medical devices which included X-ray equipment, picture archive and communications systems (PACS) and blood gas analyzers (BGA).”9 It also highlighted similar threats to a host of other medical devices including “diagnostic equipment (PET scanners, CT scanners, MRI machines, etc.), therapeutic equipment (infusion pumps, medical lasers and LASIK surgical machines), and life support equipment (heart – lung machines, medical ventilators, extracorporeal membrane oxygenation machines and dialysis machines).”10 In short, TrapX noted that medical devices were vulnerable to cyber security threats.