When help can hurt

We know that many people are alive today because of the incredible advances in medical technology.  We applaud the efforts of researchers and the companies that employ them as they work to improve the quality of life for many people who need help.

The medical device industry, itself, is now concerned about the fact that many of its software-driven devices are connected to the Internet Of Things, including surgical equipment connected to a phone while a patient is undergoing surgery.  Without robust cyber security protection, many devices are vulnerable.  In fact, in 2017, nearly 500,000 pacemakers were recalled in the U.S. because they can be hacked.

Far too many products, including medical devices, have not been designed from a cybersecurity perspective and can be hacked.  Plenty of  bugs (flaws) in the software make products unsafe.  The public has a right to be protected from flawed products.

Why does this happen?

Many factors may contribute to problematic medical device software being delivered to vulnerable patients, including:

  • pressure to get a product to market faster than competitors, which can lead to manufacturers taking shortcuts and not testing as thoroughly as they should
  • increased interdependencies between the devices being built and other systems which then add complexity to the way the product works.
Plus, we have no software safety laws.  Product safety regulations were designed long ago, before software came on the scene.  
 
Not long ago, only 1 in 20 medical device recalls were due to faulty software.  Today (2018), that number is 1 in ever 4 recalls are due to software issues.

What can you do?

If you have a medical device implant or use medical devices to maintain your health, speak with your doctor about any concerns you have and find out how to keep track of what’s going on with any software-driven product you may be using.  

Over time, as our company GlitchTrax grows, we will work on ways to bring you the most up-to-date information that you can use to keep your loved ones safe.

Other options:

  • You can always look for recall information at this FDA recall site, but it’s not always easy to understand, or

     

  • You can set up an automatic google alert search using details about the medical device you’re concerned about. If your device is recalled, you’ll get an email from google. If you’re not sure how to do this, just go to this blog and follow the steps (or have a friend of the family help you out).

Some recent examples

What we would like you to understand is that glitch happens™, even in devices that are supposed to save lives.  The following is just a sample of some medical device recalls.

Here are some examples of medical device recalls that need a software fix.

Heart pump controller requires software upgrade; 26 deaths in U.S.

No fewer than 26 deaths have been reported because patients could not replace the Heartmate II LVAS system controller fast enough.  Software upgrades are being issued to 28,882 devices that have been recalled in the U.S., and new devices will have upgraded hardware and new software.

Source:  U.S. FDA Medical Recalls 2017

Nearly 500,000 pacemakers recalled because they can be hacked

August, 2017 – The U.S. FDA recalled nearly 500,000 pacemakers due to concerns that their “lax cybersecurity could be hacked to run the batteries down or even alter the patient’s heartbeat.”

These radio-controlled pacemakers were all made by Abbott and sold under the brand name “St. Jude Medical.”

Source:  The Guardian

Defect can cause serious injury and/or death

April, 2014 – An anaesthesia delivery device was urgently recalled. The equipment, which not only delivers anaesthesia during surgery but also oxygen to the patient, had a glitch that can cause it to suddenly stop.

The bug was so serious that and the FDA issued the recall as a “Class 1” recall, the most urgent, as it could cause severe injury or death.

There was also some concern about the device because it has a USB port that allows a telephone to be plugged into it – this is a hacking risk.

Source:  ARS Technica   

Making patients “breathe on their own” is a deadly software glitch

March, 2014 – 15 years after the ventilators were first produced, the US FDA issued a Class 1 designation due to a software glitch that could trigger a code requiring the patient to breathe on his or her own.

What does this mean? It means that if someone is hooked to a ventilator because they cannot breathe on their own, this software glitch will mistakenly cause the machine to stop ventilating, as it “thinks” the patient is supposed to breathe on his or her own.

Covidien’s Puritan Bennett 840 Series Ventilator was built between 1998 and 2010 — the US FDA Class 1 recall was issued in 2013. These ventilators are used on infants as well as paediatric and adult patients.

Other ventilators have deadly software glitches, too.

Hamilton Medical, a ventilation device manufacturer based in Sweden, also received a US FDA Class 1 designation on its devices in 2012.

Source: US FDA Medical Recall

Stay safe.