Crossroads Blog | CYBER SECURITY LAW AND POLICY

regulation

Board Urges Feds to Prevent Medical Device Hacking: Wired

On April 10th, 2012, Kim Zetter wrote for Wired on a security vulnerability in wireless medical devices.  Health professionals can now control and monitor medical devices (like insulin pumps, defibrillators, and pacemakers) wirelessly.  Disturbingly, Zetter explained that an unauthorized third party could wirelessly exploit these very same medical devices.  These vulnerabilities have led to calls for the FDA to regulate the devices and decide whether they are safe before allowing them on the market.  

Zetter referenced a letter from the Information Security and Privacy Advisory Board to the U.S. Office of Management and Budget urging reform.  Specifically, the letter noted that these software-controlled medical devices could put millions of patients at risk and that no federal entity has responsibility for monitoring the devices' safety.  The Board suggested putting the FDA in charge of regulating the devices so that "[c]ybersecurity features in medical devices should be active at the time of purchase by the Government, and should be easily and transparently configurable by a provider at the time of use . . . ."

Reading through the Wired article, it appears that this vulnerability isn't necessarily new.  A security researcher had previously demonstrated that he could hack his own insulin pump, and medical researchers demonstrated that they could hack pacemakers and defibrillrators wirelessly.  Nevertheless, extremely disturbing.

You can find the Wired source article here.

Leave a Reply

regulation

Board Urges Feds to Prevent Medical Device Hacking: Wired

On April 10th, 2012, Kim Zetter wrote for Wired on a security vulnerability in wireless medical devices.  Health professionals can now control and monitor medical devices (like insulin pumps, defibrillators, and pacemakers) wirelessly.  Disturbingly, Zetter explained that an unauthorized third party could wirelessly exploit these very same medical devices.  These vulnerabilities have led to calls for the FDA to regulate the devices and decide whether they are safe before allowing them on the market.  

Zetter referenced a letter from the Information Security and Privacy Advisory Board to the U.S. Office of Management and Budget urging reform.  Specifically, the letter noted that these software-controlled medical devices could put millions of patients at risk and that no federal entity has responsibility for monitoring the devices' safety.  The Board suggested putting the FDA in charge of regulating the devices so that "[c]ybersecurity features in medical devices should be active at the time of purchase by the Government, and should be easily and transparently configurable by a provider at the time of use . . . ."

Reading through the Wired article, it appears that this vulnerability isn't necessarily new.  A security researcher had previously demonstrated that he could hack his own insulin pump, and medical researchers demonstrated that they could hack pacemakers and defibrillrators wirelessly.  Nevertheless, extremely disturbing.

You can find the Wired source article here.

Leave a Reply