The U.S. Food and Drug Administration is looking for ways to improve how it tracks medical device safety and security issues, such as malware risks.
"We are reviewing all our processes and procedures and will come out with a plan," says Brian Fitzgerald, deputy director of the FDA's division of electrical and software engineering. For example, the FDA is considering whether to toughen requirements related to reporting safety and security issues.
The FDA has taken into account the findings of a recent Government Accountability Office report that recommended the FDA develop a plan to improve post-market surveillance of information security issues in medical devices, he says.
In a recent report, the FDA proposed several ways to improve post-market medical device surveillance for adverse events and safety issues, including malware-related incidents.
Last year, news about an ethical hack of a Medtronic wireless insulin pump via the Internet called attention to the medical device security issue. The Medtronic pump vulnerability was discovered by Barnaby Jack, an ethical hacker who joined security software vendor McAfee after gaining notoriety by finding ways to hack into ATMs used at convenience stores and then force them to produce cash. The manufacturers have since fixed the flaw by updating the software that runs ATMs.
This week at a conference in Australia, Jack reportedly demonstrated how a heart pacemaker can be hacked and programmed to deliver a high voltage shock to a patient.
Click here to read the full article.