Accendo Reliability

Your Reliability Engineering Professional Development Site

  • Home
  • About
    • Contributors
  • Reliability.fm
    • Speaking Of Reliability
    • Rooted in Reliability: The Plant Performance Podcast
    • Quality during Design
    • Way of the Quality Warrior
    • Critical Talks
    • Dare to Know
    • Maintenance Disrupted
    • Metal Conversations
    • The Leadership Connection
    • Practical Reliability Podcast
    • Reliability Matters
    • Reliability it Matters
    • Maintenance Mavericks Podcast
    • Women in Maintenance
    • Accendo Reliability Webinar Series
  • Articles
    • CRE Preparation Notes
    • on Leadership & Career
      • Advanced Engineering Culture
      • Engineering Leadership
      • Managing in the 2000s
      • Product Development and Process Improvement
    • on Maintenance Reliability
      • Aasan Asset Management
      • AI & Predictive Maintenance
      • Asset Management in the Mining Industry
      • CMMS and Reliability
      • Conscious Asset
      • EAM & CMMS
      • Everyday RCM
      • History of Maintenance Management
      • Life Cycle Asset Management
      • Maintenance and Reliability
      • Maintenance Management
      • Plant Maintenance
      • Process Plant Reliability Engineering
      • ReliabilityXperience
      • RCM Blitz®
      • Rob’s Reliability Project
      • The Intelligent Transformer Blog
      • The People Side of Maintenance
      • The Reliability Mindset
    • on Product Reliability
      • Accelerated Reliability
      • Achieving the Benefits of Reliability
      • Apex Ridge
      • Metals Engineering and Product Reliability
      • Musings on Reliability and Maintenance Topics
      • Product Validation
      • Reliability Engineering Insights
      • Reliability in Emerging Technology
    • on Risk & Safety
      • CERM® Risk Insights
      • Equipment Risk and Reliability in Downhole Applications
      • Operational Risk Process Safety
    • on Systems Thinking
      • Communicating with FINESSE
      • The RCA
    • on Tools & Techniques
      • Big Data & Analytics
      • Experimental Design for NPD
      • Innovative Thinking in Reliability and Durability
      • Inside and Beyond HALT
      • Inside FMEA
      • Integral Concepts
      • Learning from Failures
      • Progress in Field Reliability?
      • R for Engineering
      • Reliability Engineering Using Python
      • Reliability Reflections
      • Testing 1 2 3
      • The Manufacturing Academy
  • eBooks
  • Resources
    • Accendo Authors
    • FMEA Resources
    • Feed Forward Publications
    • Openings
    • Books
    • Webinars
    • Journals
    • Higher Education
    • Podcasts
  • Courses
    • 14 Ways to Acquire Reliability Engineering Knowledge
    • Reliability Analysis Methods online course
    • Measurement System Assessment
    • SPC-Process Capability Course
    • Design of Experiments
    • Foundations of RCM online course
    • Quality during Design Journey
    • Reliability Engineering Statistics
    • Quality Engineering Statistics
    • An Introduction to Reliability Engineering
    • Reliability Engineering for Heavy Industry
    • An Introduction to Quality Engineering
    • Process Capability Analysis course
    • Root Cause Analysis and the 8D Corrective Action Process course
    • Return on Investment online course
    • CRE Preparation Online Course
    • Quondam Courses
  • Webinars
    • Upcoming Live Events
  • Calendar
    • Call for Papers Listing
    • Upcoming Webinars
    • Webinar Calendar
  • Login
    • Member Home

by Greg Hutchins Leave a Comment

Could Your Pacemaker be Hacked?

Could Your Pacemaker be Hacked?

Guest Post by Paul Kostek (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Hack a pacemaker?  Is this a real problem?

Some recent experiments have been able to hack a pacemaker and other medical devices including an insulin pump.  The weakness of these systems was the analog sensors attached to the body to gather information. These analog inputs bypass the internal security and are converted directly to digital signals. 

From a risk perspective is this something medical device manufacturers , insurance companies and the medical professionals need to worry about? It was part of a conversation at the Black Hat @Design West Conference where considerable discussion was held on building defensive walls.

Risk Analysis

Manufacturers will need to  consider what are the risks from an external source, what are the possible technology responses, and how does the cost balance with the risk.   For anyone working in the application of risk the latter is an important question.

What risk are we willing to live with when we talk about devices placed in people?
What are the implications if an insulin pump is hacked and insulin delivery turned off?  Increased?

Can we detect the hacking?

If we detect an attack, can we develop a default mode that will allow the device to continue to provide therapy while blocking the attempted hack? Do we let the user know?

All important questions that need to be addressed as part of the User Needs and requirements definition process.

Privacy: Another Important Question

What considerations will privacy play in these devices?  HIPAA rules will have to be considered as security methods are developed.  We’ll need to determine if the solution will have any impact on the privacy of the patient, also could the privacy decisions impact the technology solution?  These will be questions that need to be addressed as we move forward with medical technology.

What happens as we move further along and develop more implantable devices?  The balancing act is providing security while ensuring privacy and keeping costs of implementing security reasonable.

This will be the challenge for all of us in moving forward.

Bio:

Paul J. Kostek is a Principal of Air Direct Solutions, a systems engineering/project management consulting firm. He works with companies in defining system architecture, system requirements, interface definition, verification planning, risk management and software development standards. Paul received his BS from the University of Massachusetts, Dartmouth.   Paul works in a range of industries including: aerospace, defense, medical device and e-commerce.

Paul is a long-time volunteer with several professional engineering societies including IEEE, AIAA, SAE, INCOSE and PMI.  He also writes for the CERM Risk Insights emagazine.

Filed Under: Articles, CERM® Risk Insights, on Risk & Safety Tagged With: Risk

About Greg Hutchins

Greg Hutchins PE CERM is the evangelist of Future of Quality: Risk®. He has been involved in quality since 1985 when he set up the first quality program in North America based on Mil Q 9858 for the natural gas industry. Mil Q became ISO 9001 in 1987

He is the author of more than 30 books. ISO 31000: ERM is the best-selling and highest-rated ISO risk book on Amazon (4.8 stars). Value Added Auditing (4th edition) is the first ISO risk-based auditing book.

« How to Trick Operators (and everyone else)
Design of Experiments, Testing Compression and the Opportunity to Identify Interactions »

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

CERM® Risk Insights series Article by Greg Hutchins, Editor and noted guest authors

Join Accendo

Receive information and updates about articles and many other resources offered by Accendo Reliability by becoming a member.

It’s free and only takes a minute.

Join Today

Recent Articles

  • test
  • test
  • test
  • Your Most Important Business Equation
  • Your Suppliers Can Be a Risk to Your Project

© 2025 FMS Reliability · Privacy Policy · Terms of Service · Cookies Policy