A recent Forbes article on the threat of medical device hacking is the latest in a steady drumbeat of calls for more attention to be paid to medical device security.
Contributor Marc Weber Tobias, a security expert and investigative attorney, paints a frightening picture for readers:
Just think of the possibilities: a spouse or business partner decides it is time for a change. She (or he) obtains the needed software and wireless link and triggers a fatal cardiac event. If you had an implanted insulin pump or defibrillator which could be attacked with a small transmitter and computer, would you feel secure knowing that someone “near to you” could access your implanted device and end your life?
He writes that three problems are contributing to the lack of security in software-enabled medical devices:
Tobias takes aim at FDA’s lack of regulation and expertise in the area of security and laments that there is no single agency tasked with ensuring the security of medical devices. He also blames the 510(k) process and home health devices for contributing to the problem.
“There is almost a complete lack of regard in the medical devices software domain for the specification of requirements as to operation and diagnostics to indicate failure,” he writes.
Those are pretty strong words. Do you agree? Tell us in the comments.