The subject of electronic implant hacking has been inducing waves of panic among the general public on and off since 2008, when a team of researchers famously demonstrated that it could maliciously hack a Medtronic implantable cardioverter-defibrillator (ICD). However, the most recent wave of inflammatory headlines comes courtesy of a security researcher that captivated a crowd at the recent Black Hat security conference during a presentation on how he hacked his own insulin pump. To many in the industry, the presentation, while interesting, merely represented the latest proof that implant hacking can be done--a fact that has already been well established. But, as it turns out, the insulin pump security breach could just be the news story that initiates change in terms of medical implant security.
Implant hacking has been fodder for interesting debate in the medical device industry during the past few years, and has even prompted research into technologies for mitigating such a security risk. Yet despite the flurry of interest in the area, OEMs seem content to adopt a wait-and-see approach in regards to bolstering implant security based on the admittedly low risk of such an intrusive event being perpetrated. But could change be on the horizon?
Last week, two senior members of the Energy and Commerce Committee, Representatives Anna G. Eshoo (D-CA) and Edward J. Markey (D-MA), wrote a letter to the Government Accountability Office requesting a report on the extent to which FCC is:
- Identifying the challenges and risks posed by the proliferation of medical implants and other devices that make use of broadband and wireless technology.
- Taking steps to improve the efficiency of the regulatory processes applicable to broadband and wireless enabled medical devices.
- Ensuring wireless enabled medical devices will not cause harmful interference to other equipment.
- Overseeing such devices to ensure they are safe, reliable, and secure.
- Coordinating its activities with the Food and Drug Administration.
"In bringing forward innovative wireless technologies and devices for healthcare, it's critical that these devices are able to operate together and with other hospital equipment, and not interfere with each other's activities and data transmissions. It's also important that such devices operate in a safe, reliable, and secure manner," they wrote.
By requesting this report, the federal lawmakers could be opening quite the bag of worms. Their concerns are certainly valid in terms of ensuring that devices operate in a safe manner and that implants won't interfere with other medical equipment. But will this request for a probe ultimately be the catalyst for new requirements and regulations? It will be interesting to see what effect, if any, this initial request for investigation has on the future of wireless-enabled medical devices. --Shana Leonard