The Health Sciences Institute is intended to provide cutting-edge health information.
Nothing on this site should be interpreted as personal medical advice. Always consult with your doctor before changing anything related to your healthcare.

Medical-device hackers could put countless patients in danger

It’s like something out of a Tom Clancy novel.

During his last year in office, doctors quickly removed the wireless function from Vice President Dick Cheney’s pacemaker.

They were worried that someone could hack into the device and assassinate him.

It sounds like real cloak-and-dagger stuff. But experts are warning that the medical devices that millions of us depend on to keep us alive are so vulnerable that even a high school hacker can break into them.

And what these hackers could do if they get control of our devices is almost too terrible to think about.

A tragedy waiting to happen
Just think about all the things we do to protect our personal and financial information. We don’t give out our Social Security numbers online — and our credit cards even come with those fancy new chips.

But when it comes to guarding our medical devices from hackers, it doesn’t look like anyone is lifting a finger to keep us safe.

In fact, just two years ago, a cybersecurity expert showed a shocked FDA just how fast he could hack into a Hospira infusion pump, which is used to dispense insulin and even chemo drugs.

It took him just minutes to crack the password and take over the device — and if he hadn’t been a “good guy” hacker, he could have easily delivered a deadly dose of drugs to a hospital patient.

The problem is that almost everything we touch these days is either sending out information via Bluetooth, or connected by Wi-Fi to the Internet. That’s especially true for medical devices like:

  • Cardiac defibrillators and pacemakers
  • Insulin pumps and glucose monitors
  • Gastric stimulators
  • Deep brain neurostimulators, and
  • Cochlear implants.

And that makes for one giant security threat unlike anything we’ve seen on TV on in the movies.

Breaking into computerized devices through Bluetooth or the Internet is exactly how financial information is so often stolen. Only in the case of medical equipment, it’s a lot more urgent than when your credit card or bank account number is lifted.

Finally, however, the FDA is limping into “action,” just releasing a 25-page draft guidance containing advice for device manufacturers to follow about patching security bugs and alerting consumers.

But only if they feel like doing it.

Actually, under the guidance, a company could just try and fix — or even cover up — a security problem without telling anyone, including the FDA. They’re only required to report something if it results in a person dying.

And if you think something smells mighty fishy about that, you’re not alone.

The president of the nonprofit group Consumer Watchdog, Jamie Court, says those pretty-please recommendations fall way too short. What we need is a law requiring device makers to improve and upgrade their systems to prevent attacks.

But that probably won’t be happening, he added, until a Congressman’s defibrillator is hacked.

Look, we know that when the FDA finally admits to a problem, it’s gone way too far. As Court said, if something isn’t done soon “someone is going to die.”

And with untold numbers of patients hooked up to or wearing these devices, it’s just a matter of time before tragedy strikes.

That’s why we all need to submit a formal comment at the Federal Register about the FDA’s weak-kneed industry guidance. We have until April 21 to let the agency know that “recommendations” aren’t going to do it.

It’s time the FDA took a firm stand on this. This is something that’s far too important just to leave to the foot-draggers of the federal government to do at their own pace.

You can go here to leave a comment for the FDA.

Sources:
“The FDA wants medical device creators to pay attention to cybersecurity” Ashley Carman, January 19, 2016, <i>The Verge</i>, theverge.com

Get a free copy of 5 Household Items that Cause Cancer

By texting HSI to 844-539-1128, you are providing your electronic signature expressly consenting to be called and texted (including by prerecorded messages, using an autodialer, and/or automated means) with alerts, stories, reports, and marketing communications from Institute of Health Sciences, LLC. and its authorized representatives at the phone number you provide, including landlines and wireless numbers, even if the phone number is on a corporate, state or national Do Not Call list. You also consent and unconditionally agree to our Privacy Policy and Terms of Use, including the arbitration provision and class action waiver contained therein. Msg&data rates may apply. 15 Msgs/Month. You are not required to agree to this as a condition of making a purchase.

Terms & Conditions

The following Terms and Conditions apply to your use of the website located at hsionline.com (the “website”) and any text messages that you send to or receive from the Institute of Health Sciences, L.L.C. These Terms and Conditions constitute a binding agreement (“Agreement”) between you (“you”) Institute of Health Sciences, L.L.C (“we”, “us”, etc.)  Please read these terms carefully. 

By providing your telephone number to us, texting us a short code listed on the website, or otherwise indicate your agreement to these Terms and Conditions, you are agreeing to the mandatory arbitration provision and class action waiver below. 

ARBITRATION IS MANDATORY AND THE EXCLUSIVE REMEDY FOR ANY AND ALL DISPUTES RELATED TO THIS WEBSITE, THIS AGREEMENT, AND ANY TELEPHONE CALLS, EMAILS, OR TEXT MESSAGES THAT YOU RECEIVE FROM OR ON BEHALF OF US, UNLESS SPECIFIED BELOW OR UNLESS YOU OPT-OUT.

Text Messaging and Telemarketing Terms and Conditions

When you provide your telephone number on this website or send a text message to us with or from a short-code, you agree to receive alerts and communications, and marketing messages including those sent via automated telephone dialing system, text messages, SMS, MMS, and picture messages from Institute of Health Sciences, L.L.C at the phone number you provide on this website or the phone number from which you text the short code, including on landlines and wireless numbers, even if the phone number is on a corporate, state or national Do Not Call list. You also agree to the mandatory arbitration provision and class action waiver below. Your consent is not required to purchase goods or services. Message & data rates may apply.

You may opt-out at any time by texting the word STOP to the telephone number from which you receive the text messages.  Call 1-888-213-0764 to learn more.  By providing your telephone number, you agree to notify us of any changes to your telephone number and update your account us to reflect this change. Your carrier may charge you for text messages and telephone calls that you receive, or may prohibit or restrict certain mobile features, and certain mobile features may be incompatible with your carrier or mobile device. Contact your carrier with questions regarding these issues.

Dispute Resolution by Binding Arbitration and Class Action Waiver

Any dispute relating in any way to telephone calls, emails, or text messages that you receive from or on behalf of Institute of Health Sciences, L.L.C this website, or this Agreement (collectively “Disputes”) shall be submitted to confidential arbitration and shall be governed exclusively by the laws of the State of Maryland, excluding its conflict of law provisions.  For the avoidance of doubt, all claims arising under the Telephone Consumer Protection Act and state telemarketing laws shall be considered “Disputes” that are subject to resolution by binding individual, confidential arbitration.

If a Dispute arises under this Agreement, you agree to first contact us at 1-888-213-0764 or help@hsionline.com. Before formally submitting a Dispute to arbitration, you and we may choose to informally resolve the Dispute.  If any Dispute cannot be resolved informally, you agree that any and all Disputes, including the validity of this arbitration clause and class action waiver, shall be submitted to final and binding arbitration before a single arbitrator of the American Arbitration Association (“AAA”) in a location convenient to you or telephonically. Either you or we may commence the arbitration process by submitting a written demand for arbitration with the AAA, and providing a copy to the other party.  The arbitration will be conducted in accordance with the provisions of the AAA’s Commercial Dispute Resolutions Procedures, Supplementary Procedures for Consumer-Related Disputes, in effect at the time of submission of the demand for arbitration.  Except as may be required by law as determined by the arbitrator, no party or arbitrator may disclose the existence, content or results of any arbitration hereunder without the prior written consent of both parties. Institute of Health Sciences, L.L.C will pay all of the filing costs.  Without limiting the foregoing, YOU EXPRESSLY AGREE TO SUBMIT TO ARBITRATION ALL DISPUTES RELATING TO ANY TEXT MESSAGES OR TELEPHONE CALLS YOU RECEIVE FROM OR ON BEHALF OF US OR ANY ENTITY WITH WHOM WE MAY SHARE YOUR TELEPHONE NUMBER.  Further, we both agree that all entities with whom we share your telephone numbers shall be third party beneficiaries of this Agreement to Arbitrate Disputes, and that those entities have the same rights as Institute of Health Sciences, L.L.C to enforce this arbitration provision.

Notwithstanding the foregoing, the following shall not be subject to arbitration and may be adjudicated only in the state and federal courts of Maryland: (i) any dispute, controversy, or claim relating to or contesting the validity of our or one of our family company’s intellectual property rights and proprietary rights, including without limitation, patents, trademarks, service marks, copyrights, or trade secrets; (ii) an action by us for temporary or preliminary injunctive relief, whether prohibitive or mandatory, or other provisional relief; (iii) any legal action by us against a non-consumer; or (iv) interactions with governmental and regulatory authorities.  You expressly agree to refrain from bringing or joining any claims in any representative or class-wide capacity, including but not limited to bringing or joining any claims in any class action or any class-wide arbitration.

The arbitrator’s award shall be binding and may be entered as a judgment in any court of competent jurisdiction. To the fullest extent permitted by applicable law, no arbitration under this Agreement may be joined to an arbitration involving any other party subject to this Agreement, whether through a class action, private attorney general proceeding, class arbitration proceedings or otherwise.

YOU UNDERSTAND THAT YOU WOULD HAVE HAD A RIGHT TO LITIGATE IN A COURT, TO HAVE A JUDGE OR JURY DECIDE YOUR CASE AND TO BE PARTY TO A CLASS OR REPRESENTATIVE ACTION.  HOWEVER, YOU UNDERSTAND AND AGREE TO HAVE ANY CLAIMS DECIDED INDIVIDUALLY AND ONLY THROUGH ARBITRATION.  You shall have thirty (30) days from the earliest of the date that you visit the website, the date you submit information to us through the website, or the date that you send a text message to us, to opt out of this arbitration agreement, by contacting us by email at help@hsionline.com or by mail Health Sciences Institute, PO Box 913, Frederick, MD 21705-0913. If you do not opt out by the earliest of the date that you visit the website, the date you submit information to us through the website, or the date that you send a text message to us, then you are not eligible to opt out of this arbitration agreement.

Electronic Signatures

All information communicated on the website is considered an electronic communication.  When you communicate with us through or on the website, by text message or telephone, or via other forms of electronic media, such as e-mail, you are communicating with us electronically.  You agree that we may communicate electronically with you and that such communications, as well as notices, disclosures, agreements, and other communications that we provide to you electronically, are equivalent to communications in writing and shall have the same force and effect as if they were in writing and signed by the party sending the communication.

You further acknowledge and agree that by clicking on a button labeled “ORDER NOW”, “SUBMIT”, “I ACCEPT”, “I AGREE”, “YES”, by texting a short code to us in response to a request on this website, or by clicking or similar links or buttons, you are submitting a legally binding electronic signature and are entering into a legally binding contract.  You acknowledge that your electronic submissions constitute your agreement and intent to be bound by this Agreement.  Pursuant to any applicable statutes, regulations, rules, ordinances or other laws, including without limitation the United States Electronic Signatures in Global and National Commerce Act, P.L. 106-229 (the “E-Sign Act”) or other similar statutes, YOU HEREBY AGREE TO THE USE OF ELECTRONIC SIGNATURES, CONTRACTS, ORDERS AND OTHER RECORDS AND TO ELECTRONIC DELIVERY OF NOTICES, POLICIES AND RECORDS OF TRANSACTIONS INITIATED OR COMPLETED THROUGH THE WEBSITE.  Furthermore, you hereby waive any rights or requirements under any statutes, regulations, rules, ordinances or other laws in any jurisdiction which require an original signature, delivery or retention of non-electronic records, or to payments or the granting of credits by other than electronic means You may receive a physical paper copy of this contract by contacting us at help@hsionline.com.

Privacy Policy

Please read our Privacy Policy, which is incorporated herein by reference.  In the event of any conflict between these Terms and Conditions and the Privacy Policy, these Terms shall control.

Contact Us

You may contact us by telephone at 1-888-213-0764 or by email at help@hsionline.com.