If you missed the story, this was a consumer hacker, not a lab who was able to hack the insulin device. This goes to what I keep saying in technology to slow down and get the security right. How many more hints and visits from Anonymous and others do we need? I do have to say this inquiry is much better than trying to wrangle the FDA into a new set of rules here as I think they know what they have to do, problem is money and enough resources.
FDA and Medical Devices-Who Doesn’t Get This, They Are Looking for Engineers Just Like Technology Companies Are Doing- Get Some Congressional Digital Literacy in Place
What I found somewhat bothering in the article was the response from Medtronic as being dismissed – don’t do that and it should be a warning for all insulin pump makers to take another look as you are only as good as the next hacker that comes along and there are a lot of people in this world who are not nice who could in fact do something that is not ethical. I have always said that sometimes devices, and this one is wireless, get out there before a multiple debug has taken place. We all know that everyone does their best but when it comes to software running medical devices get all the testing, amateur and professional that you can get your hands on today.
Black Hat Convention Diabetic Technologist Proves Security Holes With Mobile Medical Diabetes Pump Devices–Hacking Possible and Security Focus Needed
With what has been occurring in the “hacking” business of late, I think it’s time we slow down a bit and get the security right in Health IT before we keep working on new functionalities and by nature developers don’t work that way. It’s boring and time consuming to work on the security end and not as exciting, but if we don’t do it sufficiently, it comes back to bite. How much hacking have we read about???
It’s all about those algorithms, good ones, secure ones and so forth to counteract the bad algorithms.
Actually too, I think all medical devices should at least register with the FDA to allow the agency to make a decision as to which ones need to be cleared and that way they are not blindsided on what in heck is out there. Registration of a device should be a simple process to fill out and update medical software/device information let’s say once a year as if the device and software change, then it may require clearance if more capability is added with updates too, keep that in mind as everything changed today rapidly. Let the FDA have a registry so they are not caught blindsided.
FDA Mobile Medical Applications NPRM From the FDA–Register All With Categories and Create New Classification for “Clone Apps”
Last but not least, don’t cut the funds of the FDA and get them the engineers they need to make this happen too, as our representatives in Congress owe it to us to work harder at becoming digitally literate and we don’t see very much of that today and it’s showing more every day, just look at the popularity polls when foot in mouth disease accelerates, and the FDA can’t find a cure those folks sadly, but I wish the agency could. BD
IBM Watson Capabilities Being Pitched to Financial Industry-Congress Must Not Have Felt They Needed This So Further Behind We Fall With Effective Intelligent Lawmaking
Radcliffe found that he was able to hack his own pump and alter it to respond a stranger's remote control. The report got a lot of attention and even garnered a response from med-tech giant Medtronic Inc. (NYSE:MDT), which dismissed the threat as being purely theoretical, since malicious software attack on a medical device has yet been reported.
"In bringing forward innovative wireless technologies and devices for healthcare, it’s critical that these devices are able to operate together and with other hospital equipment, and not interfere with each other’s activities and data transmissions," Eshoo and Markey wrote in their letter to the GAO. "It's also important that such devices operate in a safe, reliable, and secure manner."
Minneapolis, Minn.-based Medtronic, which ranked 5th on the MassDevice Big 100 list of the world's largest medical device companies, seemed skeptical of the Radcliffe's anecdotal evidence, saying that his direct access to the pump and remote device as well as his conscious decision to turn on the wireless feature of the pump were beyond the type of access a hacker could reasonably have.