Today, Black Hat 2013 is wrapping up in Las Vegas, concluding a week of presentations on security and technology. Two presentations, in particular, were important to note because of the potential direct effect their subject matter can have on the lives of their users. The first, a vulnerability in pacemakers that allows the device to be disabled from distance. The second, a talk on the ways hackers are, and can, work with the FDA to safely and securely disclose vulnerabilities that they find in medical equipment.
Technology is infecting the medical industry. That cannot be denied. WiFi compatible pills are on their way, apps are fighting to replace laboratory equipment. Beyond the potential dangers, there is a great potential for expanding access to improved medical care to millions without it currently across the globe, but the dangers are real.
In the United States, the FDA is developing methods for responding to the increased proliferation of applications and devices. At this time though, these efforts seem to be mostly focused finding potential threats and dangerous devices on the market and then limiting or regulating their distribution.
“It’s evident from their history that many pharmaceutical and medical manufacturing companies will take advantage of any loophole or gap in the FDA’s protections that they perceive,” commented Daniel Nigh, an attorney with the Levin, Papantonio law firm who practices in the areas of product liability and personal injury litigation. “Unfortunately, when these companies force products to market without the proper review, it’s the patients, consumers, and users that are left to suffer the consequences.”
For historical perspective, recently Stryker Hip Recall lawsuits have been piling up against the manufacturer. The metal-on-metal hip implant was passed through the 510(k) approval process and bypassed many important steps in verifying the product’s safety. The process, while legal, was taken advantage of by the company to fast-track a dangerous product to market.
The efforts of the hacker community to host work with the FDA to develop safe and proper responses on the front-end is important. Often, luddites and backward groups take a knee-jerk reaction to hackers as the enemy. “Hacker” as pejorative: a harsh aggregation and simplification.