While we continue to worry about the coronavirus, a new concern has popped on the diabetes device horizon. Given that all the toys now talk with the cloud and the other toys the FDA seems to be taking a more active role regarding cybersecurity.
This week the FDA is informing patients, health care providers, and manufacturers about a set of cybersecurity vulnerabilities, referred to as “SweynTooth,” that – if exploited – may introduce risks for specific medical devices. SweynTooth affects the wireless communication technology known as Bluetooth Low Energy (BLE).
BLE allows two devices to “pair” and exchange information to perform their intended functions while preserving battery life and can be found in medical devices as well as other devices, such as consumer wearables and Internet of Things (IoT) devices. These cybersecurity vulnerabilities may allow an unauthorized user to wirelessly crash the device, stop it from working, or access device functions usually only available to the authorized user.
“Medical devices are becoming increasingly connected, and connected devices have inherent risks, which make them vulnerable to security breaches. These breaches potentially impact the safety and effectiveness of the device and, if not remedied, may lead to patient harm,” said Suzanne Schwartz, M.D., MBA, deputy director of the Office of Strategic Partnerships and Technology Innovation in the FDA’s Center for Devices and Radiological Health. “The FDA recommends that medical device manufacturers stay alert for cybersecurity vulnerabilities and proactively address them by participating in coordinated disclosure of vulnerabilities as well as providing mitigation strategies. An essential part of the FDA’s strategy is working with manufacturers, health care delivery organizations, security researchers, other government agencies and patients to address cybersecurity concerns that affect medical devices to keep patients safe.” FDA