|Cybersecurity for the Internet of Things: A house of cars?|
Issuing a recall is no light matter because there are subtle risk-benefit implications. For instance, a sudden recall on a medical device could have profound risks that outweigh the benefits of a blanket recall. In a non-cybersecurity context, this debate arose not long ago when a defibrillator lead suffered a mechanical design flaw. Because removal of an electrode could pose risks to a patient when the tip had already bound to the cardiac tissue, only certain patients were recommended to replace the electrode. So whereas today automobiles have been recalled for cybersecurity reasons, there will need to be a different debate when eventually some medical device will suffer a clinically relevant cybersecurity flaw. If the flawed device is not implanted and other competing devices are available, then a recall may make sense in the risk-benefit calculus as patients can use another device (e.g., an infusion pump or bedside monitor). On the other hand, blanket recalls are likely not the answer for an implanted device where there are fewer alternatives available for patients already with certain predisposed risks.
The medical device community should consider itself lucky that the automotive community has earned the dubious honor of having the first cybersecurity-only recall. Given the large number of medical devices, it's just a matter of time before some medical device company will receive a painful, late night phone call to confront challenges similar to what Fiat Chrysler is now enduring.