Right now, the issue is seen as largely theoretical but experts in the area of cybersecurity say it is a focus of serious concern. What would happen if hackers took over the computers controlling medical implants, turning them from life-saving devices into tools of potential injury or death?
There are no reported cases of such a thing happening at this point, but the potential of such a scenario becoming real was brought home recently when the Food and Drug Administration issued a warning encouraging the shelving of the Hospira Symbiq Infusion System.
The device is used in hospitals and other care facilities all over the country to deliver measured doses of fluids to patients. The problem is that control of the units can be taken over by unauthorized individuals. They can gain access by hacking into a hospital’s computer network.
This isn’t a new issue. Awareness of such threats prompted the FDA to issue guidelines several years ago indicating steps that manufacturers should take to improve device security, but critics say they aren’t strict enough. That may be remedied later this year if the FDA releases updated guidelines as expected.
While no instance of hacking with the intent to do bodily harm is known, the insurance industry acknowledges it could happen. And experts observe that anytime a device malfunctions and causes injury or death, regardless of the reason, product liability claims usually follow.
When it happens, the list of possible defendants can be long, including hospitals, doctors, nurses and device makers. But in the case of a hack, the line could also be drawn to the software developers, the Internet service provider, other consultants and any of their insurers.
That should not surprise anyone. Those who make, distribute and use defective or dangerous products deserve to be held accountable for harm caused. Those who fall victim to them may deserve compensation and can learn about their rights and options by speaking with experienced legal counsel.
