The US Food and Drug Administration (FDA) is recalling nearly half-a-million pacemakers from St Jude Medical (now Abbotts) after finding at the beginning of this year that the devices could be hacked. Leading cyber security experts have had their say on the news.
Cesare Garlati, chief security strategist at the prpl Foundation, said: "With IoT, the main cause for concern is security. IoT has developed rapidly and is now being used in all facets of life, which is why improvements in security need to be made now, especially when human lives depend on the IoT medical devices for survival. Failure to do so will lead to catastrophic results.
"Healthcare organisations need to ensure that security requirements are being met in the technology used. To help manufactures and developers, the prpl Foundation has provided guidance on how to create a securer Internet of Things. This involves manufacturers to adopt a hardware-led approach that sees security embedded from the ground up. By following these steps, we can become more efficient, secure which will reduce the potential damage in the future."
Jackson Shaw, senior director of product management at One Identity, said: "I highly encourage our government to get on with debating and passing the IoT Cybersecurity Improvement Act of 2017. This legislation requires vendors of Internet-connected devices purchased by the federal government make sure the devices can be patched when security updates are available; that the devices do not use hard-coded passwords; and that vendors ensure the devices are tested for vulnerabilities before they ship. This, in my opinion, will be a good first step towards better IoT security for all of us.
"While this legislation only covers devices sold to the federal government, my hope is that we will see state governments, hospitals and others require compliance to the act. In the meantime, it’s important that we all remember that cyber-security is all of our responsibilities – ask questions of your vendors regarding how they are handling vulnerability testing, cyber-security and how they will respond to vulnerabilities when are discovered."