(800) 369-0899
(215) 569-4000
Contact Us Today
Technology is progressing at an incredible pace. Connecting medical devices to the internet is becoming standard practice. This is part of the growing IoT or Internet of Things. The IoT includes cars, appliances, toys, fitness equipment, along with medical devices like pacemakers, home monitors, and remote ultrasound monitors. The goal in connecting these devices is to improve patient care, device operation, and prevent needless surgeries. Connecting medical devices to the Internet of Things is not without risk. As with most things related to the internet, security is a serious concern to anyone with a connected medical device.
In 2007, then-Vice President Dick Cheney set out to highlight one of the key risks of connecting medical devices. Recognizing the risk of hacking, he had doctors disconnect his pacemaker from the internet. As a public figure, the connection made him vulnerable and posed serious security risks. There was the potential for hackers to gain access to sensitive information contained on the device. Another risk is the ability of hackers to hijack the device for ransom.
The law is often slow in responding to technology and internet-connected medical devices are no different. In 2014, the FDA addressed the issue by consulting with cybersecurity experts to outline recommendations for manufacturers. They identified five risks:
One key concern was the prevention of access to patients’ protected health information (PHI). Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), medical professionals are responsible for restricting access to such information. Leaks of patient information may result in fines, criminal sanctions, and civil liability to those responsible.
The FDA further called on manufacturers to work closely with cybersecurity firms and hospitals to assess threats to device functionality, the likelihood of attacks, and the level of risk posed. They also recommended that these groups develop mitigation strategies and criteria for risk acceptance levels.
Although the law does not yet provide specifics directly related to the hacking of internet-connected medical devices, this does not mean victims are left without recourse. As with any medical device, manufacturers, doctors, and hospitals have a responsibility to protect patients from harm caused by misuse or malfunction. HIPAA guidelines are clear: Leaks of protected health information is not permitted under any circumstances. Those entrusted with such information are obligated to do all in their power to prevent PHI leaks or face litigation.
Furthermore, manufacturers are obligated to ensure that their medical devices provide the benefits they claim without causing further harm. This includes the potential harm that patients may experience if someone other than their health care provider gains access to the workings of their life-saving medical device.
Philadelphia defective medical device lawyers at Brookman, Rosenberg, Brown, & Sandler help victims of hacked medical devices. If you have been harmed because your medical device is connected to the internet, complete our online form or call 800-369-0899 to schedule a free confidential consultation. From our Philadelphia office, we help victims from Philadelphia County, Chester County, Delaware County, and New Jersey.