The intersection between cybersecurity and medical technology is the pacemaker, at least this week. The Food and Drug Administration has forced NYSE-traded Abbott Laboratories to recall some 465,000 pacemakers due to software vulnerabilities. It seems that the black hat across town could actually change a heartbeat. The news is not a windfall for hospitals; a programming patch can be installed wirelessly at a cardiologist’s office. But the headline emphasizes a new area of technology-based business risks. Abbott just acquired its pacemaker business from St. Jude Medical for some $25 billion. The liability could be extreme in the case of hacked pacemakers, never mind the direct and indirect costs of the outsized, if not embarrassing recall. Board members and shareholders alike may be asking uncomfortable questions about what the firm discovered—or chose to ignore—in conducting due diligence on the transaction. Perhaps Abbott should have paid closer attention to its white-hat allies. The health-care giant responded obliquely this week by asserting, “We are resolving all old St. Jude medical issues.” ■
Our Vantage Point: Due diligence once centered on governance and profit analysis. Executives ignored cybersecurity, in part because they did not understand it. They now do so at their peril.
Learn more at the Chicago Tribune
© 2017 Cranganore Inc. All rights reserved.
Image: Three companies—Abbott, Boston Scientific, and Medtronic—control the US market for pacemakers. Credit: Khuruzero at Can Stock Photo Inc.