FDA lends an ear to medical device hackers

After years of inaction amid increasing concern, the FDA has reached out to medical device users who have identified security problems with their pumps and implants, encouraging would-be hackers to report their findings to the agency.

Jay Radcliffe, the man who figured out how to rig his Medtronic ($MDT) insulin pump to deliver a fatal dose, told Bloomberg that regulators have changed their tune with respect to device security, and while the FDA doesn't yet have the internal expertise necessary to vet for hackability, the agency has opened its ears to potential vulnerabilities.

"Everything that's occurred in the last two years, as painful as it has been at times, has really gotten us to a position where we can make these devices safer," Radcliffe told the news service.

The FDA's newfound interest in device security follows years of goading from private citizens, watchdogs and other governmental groups, and, last month, the agency finally issued a draft guidance that would require device companies to include cybersecurity information along with clinical data when seeking approval.

Last year, when both the Department of Homeland Security and Government Accountability Office got on the FDA's case about the hackability of approved devices, the agency agreed in principle but pointed to the lack of real-world instances to defend its inaction.

But that was before device security issues became so commonplace, CDRH's William Maisel said. Where once the agency heard reports of system failures a few times a year, the FDA now fields such complaints multiple times a month, Maisel said. Now, considering the growing popularity of cloud-based data sharing, the agency must ensure patient privacy is protected, he said.

"It's not hard to see where the technology is going," Maisel told Bloomberg. "It's not just about the vulnerability in the one implantable device the researcher was able to get into. We're headed to interconnectedness, to connected health care."
