user-inactivated  ·  2167 days ago  ·  link  ·    ·  parent  ·  post: FDA Wants Medical Devices to Have Mandatory Built-In Update Mechanisms

There may be a more terrible IT sub-industry than health care IT. But that bar is very low to start with. And now the overworked, competent people are looking at this and screaming into their alcoholism.

IoT is stupid. I am now of the mind that anything that is vital to care should never touch a network. And the next round of appliances I get will NOT have an internet connection.





kleinbl00  ·  2167 days ago  ·  link  ·  

    I am now of the mind that anything that is vital to care should never touch a network

This is the thing that baffles me. The devices I worked on weren't crazy-sophisticated - well, maybe they were. Rate-sensitive pacemakers with sensing shock-pace atrial defibrillation are pretty sophisticated. Funny, I typed "most sophisticated implantable devices" into Google and Business Insider (because of course Business Insider) threw up a list with worthless shit like breast implants but they also topped their list with ICDs and ran with a picture of the very one I helped design.

Now. The internals of that device have probably changed. But probably not that much. The externals are identical to what I worked on. In 1996. In that amount of time, the device has gone from being an InControl to being a Guidant to being a Johnson & Johnson to being a Guidant again. And in that time we've gone from IR wireless to Bluetooth to wireless USB to Wi-Fi to NFC.

If you had that thing put in back in '96, our models suggest you're ten years dead. BUT it's not unreasonable to expect medical professionals to interact with ten-year-old technology, either. My grandfather had his hip replaced in '89. He had half of it replaced again in '09, with the same model from the same manufacturer, so that they only had to fuck up half as many bones getting it back in.

I have no idea why you need to future-proof a device with an anticipated life of under ten years with software updates, especially considering they're not exactly sophisticated by the standards of modern computing. I mean, you're gonna have to get physical access to it in order to change the battery every 5-7 years anyway.

user-inactivated  ·  2167 days ago  ·  link  ·  

Pacemakers logging to the doctor and the doctor being able to tweak the pacemaker's settings without opening the patient up are probably both useful things. I suspect hospitals will start reevaluating how useful the first time we see pacemaker ransomware.

They aren't just talking about implantable devices though.

kleinbl00  ·  2167 days ago  ·  link  ·  

    Pacemakers logging to the doctor and the doctor being able to tweak the pacemaker's settings without opening the patient up are probably both useful things.

Absolutely. But bloody hell they sure as shit don't need to be on the network.

    I suspect hospitals will start reevaluating how useful the first time we see pacemaker ransomware.

That absolutely should not ever, ever work.

    They aren't just talking about implantable devices though.

Absolutely. But bloody hell they sure as shit don't need to be on the network.

user-inactivated  ·  2167 days ago  ·  link  ·  

No argument here.

user-inactivated  ·  2167 days ago  ·  link  ·  
kleinbl00  ·  2167 days ago  ·  link  ·  

Utter bullshit.

https://www.nytimes.com/2016/09/09/business/dealbook/hedge-fund-and-cybersecurity-firm-team-up-to-short-sell-device-maker.html

Meanwhile, the actual exploit has been scrubbed off even Wayback Machine, probably because in general, to update a pacemaker you have to sit a device on the patient's fucking shirt.