The absence of reported hacks on medical devices doesn't mean they aren’t happening, experts say, because there are no mechanisms in place to detect them.
The FDA has made medical device cybersecurity a high priority, even as it stresses that there have been no reported incidents of malicious medical device hacks or of patients harmed by a security-related issue.
But that assurance is based more on assumption than fact, experts say. And other evidence gathered in real-world healthcare environments suggests that the lack of cybersecurity reports at the FDA is more suspicious than comforting.
"I think we're making a reasonable assumption that [malicious hacking] hasn't happened, but it's not based on any empirical evidence one way or the other," Codenomicon medical security global director Mike Ahmadi told MassDevice.com in an in-depth interview. "It may have happened."