The chorus of concern over the hackability of life-saving medical devices now includes three House Democrats who are asking the FDA to strengthen its pre-market oversight of devices' software security.
Echoing a report by the Government Accountability Office, Reps. Donna Edwards (D-MD), Anna Eshoo (D-CA) and Edward Markey (D-MA) are calling on the FDA to increase its focus on the potential for "intentional threats" to device security.
The GAO report points out that the FDA has plenty of available resources, including the National Institute of Standards and Technology (NIST), which maintains a federal computer security database. So far, though, the FDA hasn't been proactive in ensuring device security, according to the GAO, and Edwards said the agency needs to start taking the matter much more seriously.
"It is unacceptable that the Food and Drug Administration is ignoring the resources of other government agencies in evaluating life-saving medical devices," Edwards said in a statement. "In the future, I expect the agency to utilize the computer security expertise offered by NIST and other federal agencies to assess the security risks posed by these devices. The FDA must address potential threats and close security gaps in order to have the full confidence of Congress and the American people."
For its part, the FDA says it agrees with the GAO that it should do more to ensure device security, but that breaches are not currently a widespread problem, Bloomberg reports. And the agency is right--there have been no reported hackings outside of a clinical setting, but that doesn't mean the threat isn't real, the representatives point out.
The issue came to widespread attention last year when Jay Radcliffe figured out how to hack his Medtronic ($MDT) insulin pump, revealing that it could be wirelessly forced to deliver a fatal dose. In the ensuing months, academics, security watchdogs and pundits pounced on the issue, pressuring the FDA to beef up its efforts to keep implants secure.