Worse, they have no legal recourse. But open source could offer hope.
If the software were open source, the group says, such problems could be found and ended.
While admitting no deaths have yet been attributed to insecure IMD software, the group's paper also described how researcher Kevin Fu was able to simulate a successful attack on an IMD in 2008. As devices become increasingly software-based, the danger grows worse.
The paper suggests open source would be more secure than current closed-source solutions and less subject to bugs, noting that patients could be protected from hackers by "cloaking" device access through encryption and passwords.
The real target here, however, appears to be the Supreme Court, which ruled in the 2008 case of Riegel vs. Medtronic that patients have no legal recourse against defective devices. FDA device approval (which has since proven to have been faulty during the period in question) gives device makers immunity from suits, the court held.
With the successful regulatory capture of the FDA by manufacturers, the elimination of patients' access to the courts, and an increased reliance on possibly-buggy software that could be vulnerable to attack, the SFLC is suggesting open source as a possible solution.
It won't get it. But we may get better medical device regulation. At least for the next few years.