I have two mutually contradictory reactions.
(1) "Yeah, yeah. Big surprise." It hardly seems newsworthy that our high-tech devices are lacking in security, in or out of the medical device world. Everywhere we look, software-driven gadgets are passing data around willy-nilly, making life oh so conveinent both for us who own the data, and for the thieves and snoops who have other purposes in mind. We expose our bank accounts and our health information first, then only later get upset and try to close the wide-open barn door once someone has stolen the horse.
(2) "OMG, how can we still be in this state?" Medical device innovators have always had a two-part command - the green and white beacon guiding us to our landing - "Whatever you design, make it work and make it SAFE." In terms of system and software design for security, how is it that we've forgotten or ignored that edict?
Yes, many devices currently in use were designed some time ago.
Yes, for devices on a network such as in a hospital, the IT administrator shares part of the security task.
Yes, the level of hacking sophistication has risen dramatically of late.
Still, can we honestly say that we couldn't foresee potential threats to devices which communicate data in some way? For years, I have described my favorite example - imagine a glucose meter built into (or attached to) a cell phone, which can then transmit data for Mr D (diabetic) to the physician's office for trending. All we need is a hacker, looking to cause trouble for Mr D, who releases a Bluetooth virus which alters the glucose readings to appear to have a massive spike. The erroneous insulin dose could be fatal.
Please, please, please. Medical device cybersecurity is part of design safety. Hazard assessment tools such as fault tree analysis and FMEA are well-established, and security threats don't require much imagination any more. I realize that evaluating cyberhazards isn't nearly as glamorous and sparkly as new technology - but it's one of the many things that bite us sooner or later when we neglect it in our designs!