Fans of the American television drama Homeland may remember a scene in which the US vice-president is killed by an assassin who hacks into his wireless pacemaker and induces a fatal electric shock. This premise might sound fantastical, but the publication by the US Food and Drug Administration on Oct 2 of guidance on cybersecurity for medical devices suggests that such scenarios have moved beyond the realm of fiction and are of practical (albeit improbable) concern. The guidance is hardly sophisticated: mainly, it says that manufacturers should include authentication, such as passwords, to restrict access to legitimate users. But many devices lack even this basic precaution.
Advances in technology and communications—the internet most of all—are changing health care as they have changed business and our personal lives. But in a world in which governments can routinely monitor communications of entire nations and newspapers hack into a murder victim’s mobile phone in pursuit of a scoop, these advances come with serious dangers. A person’s health is a point of vulnerability on a par with (or even greater than) private communications. As recent history has shown, the incentive for malicious exploitation of such vulnerability is strong.
A revolution in health technology is underway and the public may be happy to embrace such innovation. But they do so with caveats. They have a right to expect that their data and devices will be safe, secure, and only used for their wellbeing. To glean the benefits of these advances while mitigating the risks, the law, computer security, and corporate responsibility need to evolve synchronously.
Source: The Lancet