How Changes to the DMCA Impact Medical Device Investors

Hackers, grab your white hats: the US copyright office has temporarily suspended certain restrictions in the Digital Millennium Copyright Act (DMCA). That means that benevolent security experts—or “white hat” hackers—can test cyber vulnerabilities of connected medical devices without fear of legal repercussions.
The exemptions were decided on a year ago, but only go into effect now. As of October 28, 2016, hackers can conduct “good-faith testing” in order to discover security flaws with products—and then share their findings with the world.
If you invest in medical device companies, this ruling is an important one.
The question of cybersecurity, particularly when it comes to life-saving implants or devices, has been in the news a lot lately. Johnson & Johnson (NYSE:JNJ), for example, recently warned customers of a potentially fatal vulnerability in their Animas OneTouch Ping Insulin pump: a hacker may interfere with unencrypted communications between the wireless remote and pump, triggering an insulin overdose in users.

Elsewhere, St. Jude Medical (NYSE:STJ) has entered a bitter legal battle with Muddy Waters and MedSec, following accusations that their connected cardiac devices are vulnerable to cyber attacks.
In St. Jude’s case, the allegations have had a serious impact on share price—indeed, stock fell four percent immediately following the release of MedSec’s report.
Johnson & Johnson performed better, even making minor gains in the days following the recall. That may be because of the proactive way the company handled the issue, as well as the fact that only one specific device was impacted.
Nevertheless, the permission newly granted to white hat hackers is something investors need to note. The increased freedom means that even more medical device manufacturers may be in the news soon—and they might not weather scandal as well as Johnson & Johnson has.
In fact, you can expect cybersecurity to remain a hot topic for many years. It’s an increasingly pressing concern, especially given work and interest in the field of bioelectronics—surgically implanted medical devices that modulate neural signals. Speaking at the 2016 FierceBiotech conference, GSK’s Kris Famm noted that the new generation of bioelectronics will be connected—which means that cybersecurity is top of mind for his company and others in the space.
“You can have monitoring, adjustment … you can have an upgrade,” he said, explaining the benefits of connected bioelectronic implants. “That does build in vulnerability.”
But as he acknowledged, the established medical device industry is already hard at work on these cybersecurity questions. The liberties afforded by the revised DMCA may expedite that process, as more medical device manufacturers are made aware of vulnerabilities that exist in their products.
Don’t forget to follow us @INN_LifeScience for real-time news updates.
Securities Disclosure: I, Chelsea Pratt, hold no direct investment interest in any company mentioned in this article.