(800) 369-0899
(215) 569-4000
Contact Us Today
Clinicians are able to deliver more efficient patient care with connected devices and remote monitoring. Constant monitoring and telemedicine have been proven beneficial in determining causes of illnesses for patients. However, when devices, medical or non-medical, are equipped with connectivity and sensors, security risks and vulnerabilities are typically identified and uncovered.
Medtronic, Boston Scientific, and St. Jude Medical, three U.S. makers of pacemakers and defibrillators, have experienced cybersecurity warnings, and acknowledged vulnerabilities in their cardiac-device programmers since 2016. In 2017, the US Department of Homeland Security raised issues with another manufacturer of medical devices, Smiths Medical, concerning syringe infusion pumps, which dispense small, continuous doses of medication in acute care settings. If a remote attacker gained unauthorized access to the pump, the hacker could change the dose of medication administered to the patient.
St. Jude Medical, and a lawsuit relating to vulnerabilities in its cardiac implantable defibrillators and pacemakers, precipitated a recall of almost 465,000 devices in August of 2017. The effected devices will need to be updated. As a result, patients will need to attend hospitals and clinics where medical staff can execute this non-invasive, but potentially inconvenient, procedure.
Consequently, these warnings have resulted in hospitals and clinics rethinking how they manage, regulate, and safeguard medical devices. Hospitals in the United States usually average between 10 and 15 medical devices per bed. Cardiac hospitals and clinics typically have a procedure room for pacemaker and defibrillator patients to receive routine checkups on the devices implanted in their chests. With the increase in cyber-criminal activity, device companies continually remind doctors to secure cabinets and lock doors to reduce the risk of hackers and thieves gaining access to the equipment.
In addition to ensuring devices are locked, hospitals are charged with making certain that devices are properly connected to hospital networks. Security firm Trend Micro, in a study using Shodan, a search engine that indexes internet-connected devices, discovered over 100,000 records of potentially-vulnerable medical equipment and hospital computers. Further, Medtronic affirmed that its CareLink 2090 programmer contained vulnerabilities that would allow a hacker to read material on the network, but not write to the network.
Computer Forensic Services proclaimed that gains in convenience often mean small losses of security; therefore, vigilance is needed. Even though there has never been a confirmed report of a hacker undermining a medical device with the intent to harm a patient, healthcare practice KPMG UK advises hospital administrators to assess the clinical rewards and patient benefits associated with using these devices, versus any dangers that may be involved.
If you have been injured by a defective medical device, contact one of our Philadelphia defective medical device lawyers at Brookman, Rosenberg, Brown & Sandler for a free consultation. We have a proven track record of successfully prosecuting cases related to manufactured or marketed defective medical devices. Call us at 215-569-4000 or contact us online. We are centrally located in Philadelphia, Pennsylvania, and we represent clients throughout the surrounding areas.