Document Type


Publication Date


Publication Citation

19 Minnesota Journal of Law, Science & Technology 405 (2018)


Cybersecurity, including the security of information technology (IT), is a critical requirement in ensuring society trusts, and therefore can benefit from, modern technology. Problematically, though, rarely a day goes by without a news story related to how critical data has been exposed, exfiltrated, or otherwise inappropriately used or accessed as a result of supply chain vulnerabilities. From the Russian government's campaign to influence the 2016 U.S. presidential election to the September 2017 Equifax breach of more than 140-million Americans' credit reports, mitigating cyber risk has become a topic of conversation in boardrooms and the White House, on Wall Street and Main Street. But oftentimes these discussions miss the problems replete in the often-expansive supply chains on which many of these products and services we depend on are built; this is particularly true in the medical device context. The problem recently made national news with the FDA-mandated recall of more than 400,000 pacemakers that were found to be vulnerable to hackers necessitating a firmware update. This Article explores the myriad vulnerabilities in the supply chain for medical devices, investigates existing FDA cybersecurity and privacy regulations to identify any potential governance gaps, and suggests a path forward to boost cybersecurity due diligence for manufacturers by making use of new approaches and technologies, including blockchain.