GAO Report: FDA Should Look Into Security Vulnerabilities for Medical Devices Like Insulin Pumps

The Citizen's Guide to the Future
Oct. 1 2012 4:12 PM

GAO Report: FDA Should Look Into Security Vulnerabilities for Medical Devices Like Insulin Pumps

Rep. Mike Honda

Photo by Chip Somodevilla/Getty Images

Last summer, hackers at the Black Hat security conference demonstrated a frightening possibility: that insulin pumps and other medical devices could be vulnerable to attacks and incursions.

Now the Government Accountability Office has weighed in on the issue. In a report released last week, the GAO asks the FDA to develop a strategy to address information security risks for insulin pumps, implantable defibrillators, and other medical devices. Just like websites, according to the experts the GAO consulted, these devices could be vulnerable to malware, unauthorized access, and denial of service attacks. “A denial-of-service attack could be launched using computer worms or viruses that overwhelm a device by excessive communication attempts, making the device unusable by either slowing or blocking functionality or draining a device’s battery,” says the report.  Medical data generated by the devices could be wiped or stolen; therapies could be altered—say, to make a pump release more insulin.


One big reason for the lack of security: Most, if not all, of these devices don’t actually require passwords. That may sound ridiculous, seeing as we’re used to plugging in passwords to perform such low-stakes activities as logging into a website commenting system. But it’s not so simple as turning on an authentication process, says the report. For one thing, a good security system could slow down medical treatment in case of an emergency. Furthermore, according to some, locking down the devices could sap batteries, and swapping out power supplies for an implantable defibrillator requires surgery. But others whom the GAO consulted said that technology has progressed to the point that it would not drain a battery too much to add an authentication process.

For a long time, the FDA had focused on unintentional threats to implanted medical devices—like interference from electromagnetic activity. But in response to the report, the agency says it has begun examining these potential security risks in earnest.

In other news of the FDA and new technologies, a new bill proposed by Rep. Mike Honda, D-Calif., would establish an Office of Mobile Health within the agency to evaluate apps that claim to provide health care of some sort. The Healthcare Innovation and Marketplace Technologies Act, Honda said in a statement, would help lower barriers to entry for startups in the health space.  

Future Tense is a partnership of SlateNew America, and Arizona State University.

Torie Bosch is the editor of Future Tense, a project of Slate, the New America Foundation, and Arizona State that looks at the implications of new technologies. 



More Than Scottish Pride

Scotland’s referendum isn’t about nationalism. It’s about a system that failed, and a new generation looking to take a chance on itself. 

What Charles Barkley Gets Wrong About Corporal Punishment and Black Culture

Why Greenland’s “Dark Snow” Should Worry You

Three Talented Actresses in Three Terrible New Shows

Why Do Some People See the Virgin Mary in Grilled Cheese?

The science that explains the human need to find meaning in coincidences.


Happy Constitution Day!

Too bad it’s almost certainly unconstitutional.

Is It Worth Paying Full Price for the iPhone 6 to Keep Your Unlimited Data Plan? We Crunch the Numbers.

What to Do if You Literally Get a Bug in Your Ear

  News & Politics
Sept. 16 2014 7:03 PM Kansas Secretary of State Loses Battle to Protect Senator From Tough Race
Sept. 16 2014 2:35 PM Germany’s Nationwide Ban on Uber Lasted All of Two Weeks
The Vault
Sept. 16 2014 12:15 PM “Human Life Is Frightfully Cheap”: A 1900 Petition to Make Lynching a Federal Offense
  Double X
The XX Factor
Sept. 15 2014 3:31 PM My Year As an Abortion Doula
  Slate Plus
Slate Plus Video
Sept. 16 2014 2:06 PM A Farewell From Emily Bazelon The former senior editor talks about her very first Slate pitch and says goodbye to the magazine.
Brow Beat
Sept. 16 2014 8:43 PM This 17-Minute Tribute to David Fincher Is the Perfect Preparation for Gone Girl
Future Tense
Sept. 16 2014 6:40 PM This iPhone 6 Feature Will Change Weather Forecasting
  Health & Science
Sept. 16 2014 1:39 PM The Case of the Missing Cerebellum How did a Chinese woman live 24 years missing part of her brain?
Sports Nut
Sept. 15 2014 8:41 PM You’re Cut, Adrian Peterson Why fantasy football owners should release the Minnesota Vikings star.