It’s not just the pacemakers that are at risk. An extremely high percentage of computer systems used in US hospitals and medical offices run out-of-date OS software, do not have up-to-date virus definitions for their AV software, and do not have updated medical software, and it’s the government’s fault.
Under the current wording of laws (as of last November, when I researched Jack and the pacemaker hacks for an ethical position paper), any software updates to such systems technically count as a modification that would require recertification of the equipment by the FDA or other bodies involved in such certifications. As a result, hospital administrators and IT teams are choosing to turn off automatic updates and keep going with what they have, rather than risk invalidating their equipment. It’s a flawed set of rules that needs to be rewritten, especially considering that some institutions in the studies demonstrated malware infection rates as high as 90% of all computers in some hospitals being affected.