Group highlights med device security risks

Members of the Medical Device Security Center are concerned that devices like pacemakers and insulin pumps--which rely on wireless communication between physicians and the implant--are susceptible to outside threats. A security breach could expose sensitive patient information or even give unauthorized users control of the device itself.

Wireless device security currently falls outside the FDA's area of device regulation. "Our concern for products is: Are they safe and are they effective?'' FDA spokeswoman Karen Riley tells the Boston Globe. "We don't weigh in on security per se, but on measures like encryption that might affect or could have an impact on product safety and effectiveness, we might look at it.'' 

Cleveland Clinic physician Bruce Wilkoff notes that while devices do present a small security risk, in many cases hackers would have to be extremely close to the device itself in order to collect any data. The information collected would be similar to what's displayed on a hospital monitor. "The risk here is very small. The advantage of having connectivity is really important,'' notes Wilkoff.

Center members have managed to crack the devices in lab tests, but so far no real-world incidents have been reported. As it stands now, accidental interruptions are more likely than deliberate attacks, but "security and privacy have much room to improve for medical devices," says Kevin Fu, a director of the Center.

- read the Boston Globe report