In cases to date, medical devices have not been deliberately targeted, but if these appliances are linked to a hospital network that is vulnerable to attack (such as diagnostic equipment) the threat-level is high.
“The FDA isn’t aware of any reports of an unauthorised user exploiting a cybersecurity vulnerability in a medical device that is in use by a patient,” wrote FDA commissioner Scott Gottlieb in October 2018, in a statement on strengthening the agency’s medical device cybersecurity programme. “But the risk of such an attack persists.”
