Cybersecurity Flaws in Medical Devices Lead to Homeland Security Investigation

Infusion pumps, heart devices and insulin pumps may be particularly vulnerable to cyberattacks, and are among the devices targeted by a new safety investigation launched by government.  

According to a report by Reuters News, the U.S. Department of Homeland Security (DHS) is investigating at least two dozen cases of suspected cybersecurity flaws in medical devices and hospital equipment which could be exploited by hackers.

The products are under review by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), including Hospira infusion pumps that are designed to deliver medication directly to a patient’s bloodstream, as well as implantable heart devices manufactured by Medtronic Inc and St. Jude Medical Inc.

Did You Know?

AT&T Data Breach Impacts Millions of Customers

More than 73 million customers of AT&T may have had their names, addresses, phone numbers, Social Security numbers and other information released on the dark web due to a massive AT&T data breach. Lawsuits are being pursued to obtain financial compensation.

Learn More

Reuters indicates that information about the investigation into potential cybersecurity flaws in the medical devices was received from an anonymous senior level official in the DHS. The source indicated that they were unaware of any specific instances where hackers were able to attack patients through these devises, but the devices were being investigated for possible vulnerabilities.

The main concern is hackers with malicious intent will gain control of devises remotely and create problems, such as causing an infusion pump to overdose a patient with drugs or forcing heart implants to receive a lethal jolt of electricity.

In 2012, a demonstration at the RSA security conference in San Francisco exposed potential security flaws with certain Medtronic insulin pumps, with hackers showing how they were able to remotely access the medical devices from 300 feet away.

Other security flaws in pumps have allowed hackers to scan an area for the devices, hack them and then cause the pump to deliver a potentially fatal dose of insulin.

Plugging the Cyber Vulnerabilities

ICS-CERT indicates that it is working with the manufacturers to repair software vulnerabilities and coding bugs that hackers can use to attack equipment or expose confidential data.

While many of the scenarios seem farfetched, the Reuters News source suggested that it is not out of the realm of possibility to cause severe injury or death.

ICS-CERT started examining the medical equipment two years ago. Traditional thinking believed the products only needed to be protected from unintentional hacks, now they believe intentional hacks must be guarded against as well.

Earlier this month the FDA issued final guidance on the cybersecurity of medical devices. The guidance suggested ways that manufacturers should handle security concerns surrounding new technology used in medical devices.

The FDA also called on manufacturers to consider hacks during the initial design of medical devices, asking manufacturers to inform the agency about potential risks and how to handle them.

In 2013, the FDA urged medical device manufacturers to take new measures to increase cybersecurity. The FDA safety warning called on health care facilities and manufacturers to take steps to safeguard their networks and information before and attack occurs. The recommendations included, conducting security software updates, install patches and refraining from uncontrolled distribution of passwords.


  • MarcelJuly 13, 2016 at 5:33 am

    I have two broken pinnacle titanium screws from Stryker that have broke A few months after surgery who's fault is this the maker of the screws or the doctor

Share Your Comments

I authorize the above comments be posted on this page*

Want your comments reviewed by a lawyer?

To have an attorney review your comments and contact you about a potential case, provide your contact information below. This will not be published.

NOTE: Providing information for review by an attorney does not form an attorney-client relationship.

This field is for validation purposes and should be left unchanged.

More Top Stories

Master Baby Food Lawsuit Filed in MDL Outlines How Toxic Metals Caused Autism, ADHD in Children
Master Baby Food Lawsuit Filed in MDL Outlines How Toxic Metals Caused Autism, ADHD in Children (Posted 2 days ago)

Plaintiffs have submitted a baby food lawsuit Master Complaint that is expected to streamline the filing of lawsuits alleging that toxic heavy metals in Beech-Nut, Gerber, Hain and Nurture products caused ADHD, autism and other developmental disorders.

Lawsuit Claims AGGA Device Damaged Teeth, Resulting in Disfiguring Injury
Lawsuit Claims AGGA Device Damaged Teeth, Resulting in Disfiguring Injury (Posted 2 days ago)

Another AGGA device lawsuit has been filed by a man who says he had to have the device surgically removed less than a year after having it implanted due to jaw problems and migraines.