They’ve hacked into medical records and credit cards, and some now fear they could even go after networked medical devices, causing harm to people who use them for everything from blood glucose readings to keeping their hearts beating.
According to a story by Katelyn Noland, a group of U.S. lawmakers want to address the issue right up front.
The concern developed when security researcher Jeremy Radcliffe hacked his own insulin pump. Of even more concern was the hacking of pacemakers and defibrillators by Medical Device Security Center researchers using wireless methods in 2008, as InformationWeek reported at the time.
It’s been discussed for some time but groups such as the Information Security and Privacy Advisory Board have recently recommended that the Food and Drug Administration (FDA) address medical device security before devices are sold, Katelyn reported. Especially in light of recent failures of both metal-on-metal hip implants and defibrillator malfunctions, these are just some of the things experts feel the FDA should consider regarding medical devices.
Lawmakers sent a letter to the Office of Management and Budget March 30, according to Noland, in which “chairman Daniel J. Chenok said the government should make one agency responsible for overseeing medical device cybersecurity.”
Chenok suggested the National Institute of Standards and Technology work with the FDA to look into cyber features that would be enabled – and could be hacked – by networked devices in federal settings.
The group also suggested that software features should be built into the devices when purchased, instead of having to download them.
The FDA sent its position to CBS News after a report questioned approval practices on “Sunday Morning: "The FDA evaluates thousands of medical devices used by Americans each year. It is an incredible responsibility, and medical devices reviewed by the FDA have a strong track record of safety and effectiveness. Evidence suggests that the vast majority of these devices perform well and improve patient health.”
The FDA has also said it has yet to receive any reports about patient safety incidents resulting from hackers, but researchers have been able to tap medical devices wirelessly, and the Department of Veterans Affairs said it had 173 reported incidents of malware-infected medical devices in the last two and a half years.
Edited by
Braden Becker
