Recently, the Medical Device Security Center published a paper describing an attack on Pacemakers and Implantable Cardiac Defibrillators which would allow the wireless reprogramming of these devices by an unauthorized entity, with the potential of dire consequences to the person having one of these devices implanted in them. News of the exploit made its way into several online news sources, and the medical device community was quick to point out that such exploits have never been reported in the real world.
While this may indeed be true, it is important to note that, almost infallibly, news of such exploits often leads to a "me too" mentality among hackers with the intention of proving it can be done in the real world. Hackers often view exploits as an art form, and strive to create more "elegant" versions of the exploits in an attempt to "one-up" the last hacker. While this may be an annoyance when it comes to consumer electronics, digital television, or computer systems, it is much more than an annoyance when it comes to medical devices.
The time has come for medical device companies to take a more proactive stance about device security.