Reports that medical devices implanted in patients or used for their treatment may have dangerous vulnerabilities are not new, but a new "safety communication" is focusing more attention on the issue. Ars Technica points out that the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) group that works along with private industry to protect the nation's infrastructure issued its own alert alongside the FDA's, focusing on the many embedded devices that are protected only by hard-coded passwords.
The ICS-CERT message recommends restricting physical access to sensitive hardware, improved designs that are more resistant to potential attacks and increased network security. The FDA lists various vulnerabilities it's become aware of like network connected devices being infected by malware, mobile devices being targeted to access patient data, the previously mentioned hard-coded passwords issue and more. Going forward, the FDA is collecting reports of "adverse events" to determine if security has been compromised, and will issue new guidelines on mobile health technology later this year. We've seen examples of potential security solutions for pacemakers in the past, and the more connected healthcare devices become we're sure patients expect any potential vulnerabilities to be addressed as well.