Last summer, hackers at the Black Hat security conference demonstrated a frightening possibility: that insulin pumps and other medical devices could be vulnerable to attacks and incursions.
Now the Government Accountability Office has weighed in on the issue. In a report released last week, the GAO asks the FDA to develop a strategy to address information security risks for insulin pumps, implantable defibrillators, and other medical devices. Just like websites, according to the experts the GAO consulted, these devices could be vulnerable to malware, unauthorized access, and denial of service attacks. “A denial-of-service attack could be launched using computer worms or viruses that overwhelm a device by excessive communication attempts, making the device unusable by either slowing or blocking functionality or draining a device’s battery,” says the report. Medical data generated by the devices could be wiped or stolen; therapies could be altered—say, to make a pump release more insulin.
One big reason for the lack of security: Most, if not all, of these devices don’t actually require passwords. That may sound ridiculous, seeing as we’re used to plugging in passwords to perform such low-stakes activities as logging into a website commenting system. But it’s not so simple as turning on an authentication process, says the report. For one thing, a good security system could slow down medical treatment in case of an emergency. Furthermore, according to some, locking down the devices could sap batteries, and swapping out power supplies for an implantable defibrillator requires surgery. But others whom the GAO consulted said that technology has progressed to the point that it would not drain a battery too much to add an authentication process.
For a long time, the FDA had focused on unintentional threats to implanted medical devices—like interference from electromagnetic activity. But in response to the report, the agency says it has begun examining these potential security risks in earnest.
In other news of the FDA and new technologies, a new bill proposed by Rep. Mike Honda, D-Calif., would establish an Office of Mobile Health within the agency to evaluate apps that claim to provide health care of some sort. The Healthcare Innovation and Marketplace Technologies Act, Honda said in a statement, would help lower barriers to entry for startups in the health space.
TODAY IN SLATE
More Than Scottish Pride
Scotland’s referendum isn’t about nationalism. It’s about a system that failed, and a new generation looking to take a chance on itself.
What Charles Barkley Gets Wrong About Corporal Punishment and Black Culture
Why Greenland’s “Dark Snow” Should Worry You
Three Talented Actresses in Three Terrible New Shows
Why Do Some People See the Virgin Mary in Grilled Cheese?
The science that explains the human need to find meaning in coincidences.
Happy Constitution Day!
Too bad it’s almost certainly unconstitutional.