From the Security Info Watch news article:
…Looking the other way is not the correct response, even if the device is old or was made by a different company.
Rather, the FDA wants a company to do a full risk assessment and, if a risk is severe, to do a “coordinated disclosure” of information about vulnerabilities and solutions.
Today about 14 billion devices are connected to the internet, including some bedside drug-infusion pumps in hospitals and pacemakers implanted in patients’ chests. The number of devices in this “Internet of Things” is projected to jump to 50 billion by 2020, making cybersecurity a top issue in coming years.
“Adversaries” in the medical device cybersecurity realm would include hackers targeting individual devices and systems, and older computer viruses still floating around the internet that could create chaos if they find their way into unpatched networks.
In theory, a malicious hacker could compromise a device and then cause medical harm to a patient by causing an error in drug dosing or draining a device’s battery, but no case of this happening has been documented. Hackers have targeted hospital networks and demanded ransom in exchange for unlocking the hospital’s computer system. Devices could also theoretically be hacked to secretly transmit patients’ health and financial data outside the hospital, where it could be exploited for identity theft…
Read more at the link:
http://www.securityinfowatch.com/news/12270536/fda-says-cooperation-is-essential-on-cybersecurity