On October 2, 2014, the U.S. Food and Drug Administration (FDA) issued its final guidance on cybersecurity for medical device manufacturers, titled “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.” Less than three weeks later?after the recent surge in reported data breaches at several large corporations?media sources broke the story that the Department of Homeland Security (DHS) is investigating a different type of vulnerability: cybersecurity flaws in medical devices and hospital equipment. These flaws include security vulnerabilities that could lead to death or serious injury, as well as exposure to civil lawsuits or government investigations should such harms befall the public.

DHS’s Investigation -

According to media reports, the DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) is investigating approximately two dozen potential security vulnerabilities in medical devices that may be exploitable by cyber criminals. ICS-CERT began examining technical vulnerabilities in medical devices about two years ago, based on a cybersecurity researcher’s concerns that networked medical devices were susceptible to malicious hacking. A DHS source was quoted saying that “[i]t isn’t out of the realm of the possible” that medical device security vulnerabilities could “cause severe injury or death.”