Hacker News
by ianhowson 1815 days ago
There's now FDA guidance on cybersecurity risks, but in a nutshell, it says "you must consider cybersecurity risks in your risk management plan." Manufacturers were (usually) doing this anyway but the probability and impact have been reassessed since the various lawsuits.

I don't work on pacemakers, specifically, but I'm confident you can no longer say "it has RF remote and nobody can buy the programming interface, therefore it's secure", because that's what went wrong before.

Instead, the risk management plan will look something like:

1. "magnet only with big disclaimers" (because you need the emergency cut-out switch; 'patient died because malfunction' is a worse outcome than 'maybe someone put a big-ass magnet on someone's chest and they got mostly non-life-threatening symptoms')

2. optionally, some form of 'secured' RF interface. Don't presume SSL. This is risk management, remember, so it's probably enough to say "hold a magnet on and then we enable unencrypted unauthenticated comms". Or maybe they do use SSL and just put way bigger micros in there. I don't know.

(edit: someone below who knows more than I do says "use Bluetooth", possibly triggered by magnet taps. Makes sense to me.)