Some technology allows doctors to monitor patients remotely as they go about their lives. Other medical devices allow monitoring of patients from a central location, such as a nursing station for hospitalized patients here in Ohio and elsewhere. The latter became the subject of a warning from the Food and Drug Administration after GE Healthcare issued a letter in Nov. 2019 regarding concerns that the company’s Clinical Information Central Stations and Telemetry Servers could be vulnerable to cyber-attacks.
The devices measure certain information regarding patients, such as blood pressure, temperature and heartbeat. The FDA wants facility staff and health care providers to know of the vulnerabilities of these devices. They are not being recalled at this point since GE Healthcare is issuing patches and software updates it believes will resolve the issue.
Until the patches needed are available, the devices could be hacked. This means that anyone gaining access to the stations and servers could generate false alarms, silence alarms and otherwise interface with the alarms meant to alert medical personnel that a patient is experiencing an issue. It is not difficult to see how these actions could put the lives of patients in jeopardy.
At this time, neither the FDA nor GE Healthcare have received reports of any adverse events due to this issue. However, that could always change as long as the cybersecurity issue remains. Any tampering with these medical devices could result in serious or fatal harm to a patient. If an Ohio patient, or family member in the event of death, believes any harm suffered may have been due to this issue, it may be possible to pursue restitution through the filing of a product liability claim.