Saying this as someone who's done medical devices for close to 20 years, the only thing we know that you may not is that we have to follow procedures, or else.
Fortunately it is very difficult to pull of an attack with a medical device since you need to know the exact make and model and then find a way to exploit it.
Some years ago I was in the hospital for six weeks with a very ill child ( all is well ) and they were monitoring vitals every hour and later every four hours. It is a type of torture to be awoken to do this all the time. During that season I wanted to build a solution that would collect vitals and allow the patient to rest without disturbance and see it cheap enough to become ubiquitous. But when I looked into what has to be done to get medical devices certified I backed away.
Sadly, horribly, that is now a risk with every major procedure - but at least it's a known risk that the patient can choose to accept when the underlying condition is not life threatening. Devices that don't work properly and haven't been properly reviewed by the FDA are risks the patient can't reasonably evaluate.
Karen Sandler has an interesting story about medical devices and how they are, literally, putting her life on the line. She's both a lawyer and a hacker, and you should hear the stories she tells about how people distrust her for this and think she's trying to trick them when all she wants to do is learn about the software and hardware that is keeping her alive:
It's certainly a fair question. I don't work in medical devices, but know people that have, and the problem for medical hardware has two steps: One, build something that won't kill the patient, and then step two is proving that you're correct about step one. Step two is the expensive bit.
Thanks for the feedback! I guess it would be nice if I got some help from a large organization. Another possibility seems to not claim to be a medical device, or to be similar to an existing one which is well known. For example it seems stethoscopes are no more regulated.
reply