News & Publications

Alaap Shah Quoted in “Can Pacemakers (and Other Medical Devices) Really Be Hacked?”

How-To Geek

Alaap B. Shah, Member of the Firm in the Health Care & Life Sciences practice, in the firm’s Washington, DC, office, was quoted in How-To Geek, in “Can Pacemakers (and Other Medical Devices) Really Be Hacked?” by Dave Johnson.

Following is an excerpt:

From pacemakers to smartwatches, we’re increasingly becoming a cybernetic species. That’s why recent headlines about vulnerabilities in implanted medical devices might set off alarm bells. Can your grandfather’s pacemaker really be hacked and, if so, what’s the real-world risk?

It’s a timely question. Yes, there are significant changes in medical technology afoot—implantable devices can now communicate wirelessly, and the coming medical Internet of Things (IoT) is bringing with it various wearable devices to keep healthcare providers and patients more connected. But a major medical device manufacturer has made headlines with not one, but two critical security vulnerabilities. …

The Industry Is Playing Catch-Up

At first glance, it might appear Medtronic is the poster child for clueless and dangerous security (the company didn’t respond to our request for comment on this story), but it’s far from alone. …

Alaap Shah, a lawyer who specializes in privacy, cybersecurity, and regulation in health care at Epstein Becker Green, explains: “Manufacturers have not historically developed products with security in mind.”

After all, in the past, to tamper with a pacemaker, you had to perform surgery. The entire industry is trying to catch up to technology and understand the security implications. A rapidly evolving ecosystem—like the medical IoT mentioned earlier—is putting new security stresses on an industry that’s never had to think about that before.