It’s a scenario that many medical device companies might never have considered: the idea that a hacker could gain access to one of their products with malicious intent and potentially harm a patient. Unfortunately, the interconnectivity of the information age has pushed this concept into the realm of the possible, forcing more and more medical device developers to evaluate the most effective ways to make their products as secure as possible.
A report from MSNBC.com published this past June described several different situations where medical devices that are accessible via wireless data connections can have their functionality compromised by anyone using easily available computer equipment. Examples given included a wireless insulin pump and glucose monitor, as well as a Medtronic pacemaker/defibrillator, which could be reprogrammed with the potential to seriously injure or even kill a recipient.
The MSNBC article mentions a paper recently presented at IEEE Healthcom’11 entitled, “Hijacking an insulin pump: Security attacks and defenses for a diabetes therapy system.” Written by Prof. Niraj Jha, grad student Chunxiao Li, and Prof. Anand Raghunathan, the paper has attracted the attention of both the media and the FDA, with the latter having been in the process of investigating ways to improve the safety and security of these embedded devices for at least the past 14 months.
Each of the authors of the insulin pump paper went out of their way at Healthcom’11 to stress that they do not currently consider the use of these types of devices to be dangerous, nor were they willing to single out the specific manufacturer responsible for producing the insulin pump that was the focus of their research. However, the fact that these types of security exploits are receiving more attention in the mainstream press is an indicator that the underground hacking community is well aware of the loopholes and back doors that exist in current medical device and data systems.
MDCI recommends that manufacturers involved in the development of wirelessly accessible medical devices investigate how their products can remain on the cutting edge of data security. It is no longer enough to rely on factors such as the invisibility of implanted devices as a type of safety measure, as even obscure data systems can be found and exploited via wireless technology. The safety of patients and the reputation of medical device players depend on a renewed interest in protecting device operations and data from malicious access.
Benjamin Hunting
MDCI Blogging Team


