When protecting medical devices from hacks, is the cure worse than the disease?

Abbott warned that its newest update has the potential to cause malfunctions within the pacemakers. Since Abbott Laboratories released the update, the Food and Drug Administration received at least 12 reports of pacemakers malfunctioning during the update process. In some cases, the devices failed to update properly. Even when the devices did update correctly, there were reports that some of the pacemakers went into backup mode during the updates. In backup mode, the pacemakers are reset to default settings rather than those customized for a particular patient.

Despite the glitches, none of the reports contained any mention of serious harm being caused to the patients.

While there have been multiple reports of malfunctions during the updating process, the FDA has received no reports of any of the hacks which the updates were meant to prevent. Mike Kijewski, chief executive of MedCrypt, said that the risk was fairly low due to the fact that a hacker would have to be within close proximity of the patient in order to get to his or her pacemaker.

The low risk of hacking combined with the higher risk of malfunction has led some doctors to simply refuse the updates.

“It’s not really a risk we’re willing to take at this point,” said Bruce Lerman, chief of cardiology at New York-Presbyterian/Weill Cornell Medical Center. “We don’t feel the benefit at this point necessarily outweighs the potential risk of uploading this software.”

Abbott Laboratories pacemakers are currently in use by about 465,000 patients in the United States, and they aren’t the only medical devices at risk of being hacked. In December of the last year, the FDA released new guidelines for protecting medical devices from hackers.