defibrillator

x-ray image of permanent pacemaker implant in chest body , process in blue tone

Spotlight Podcast: Synopsys’ Dan Lyon on the Challenge of Securing Connected Medical Devices

Podcast: Play in new window | Download (Duration: 27:07 — 31.0MB)Subscribe: Android | Email | Google Podcasts | RSSIn this Spotlight Podcast, sponsored by Synopsys: In the wake of a presentation at Black Hat about security flaws in implantable pace maker devices, Synopsys Principal Consultant Dan Lyon joins us to talk about why medical device makers struggle to make their connected medical devices more secure. Dan and I discuss some of the flaws in the approach that medical device makers take to security, and how manufacturers can take a page out of their own book: applying the same standards to cyber security as they do to – say- device safety. 

A warning letter from the FDA to St. Jude Medical said the firm ignored warnings that its implantable medical devices and related software were vulnerable to hacking or unexpected failure.

Update: FDA says St. Jude Medical knew about Device Flaws 2 Years Before Muddy Waters Report

In-brief: In a damning report, the FDA said that St. Jude Medical* knew about serious security flaws in its implantable medical devices as early as 2014, but failed to address them with software updates or other mitigations, or by replacing those devices. (Editor’s note: updated to include a statement from Abbott and comment from Dr. Kevin Fu. – PFR April 14, 2017)