Tag Archives: FDA

Personal Medical Device Security

Former Vice President Dick Cheney spoke recently about how the wireless connection to his pacemaker was disabled in order to prevent attack. This is a warranted fear, as several years ago proof of concept attacks were shown against insulin pumps. Like much of embedded technology, it is extremely difficult to update medical devices when security flaws are found.

These flaws are even more problematic given the wireless technology that is included in many of the devices. The FDA just recently released guidelines for those connections, while Europe has had guidelines for the last two years. Without those, risks had been even higher for years.

Technological protections are starting to show up as well. RSA, for instance, is working on implementing encryption for these connections. There are also technologies that are more energy-efficient. These are not widely implemented, if at all. For now, absent those protections, devices should have their wireless turned off. The risk of exploitation is low for now, with no actual known attack made as of yet. The hypothetical impact of doing so, however, should give pause.