This turned up a few days ago.
Death by defibrillator: FDA called to address hacking risk
By Brian Alexander, NBC News Contributor
It sounds like a scenario out of a James Bond movie: a villain spots his quarry and uses a small device to hack into the official’s heart defibrillator, sending a signal for mayhem. There’s chest grabbing, and a collapse, and alarms, but the bad guy walks free because there’s no gun, knife, poison dart -- no evidence at all a murder has been committed.
According to a recent report by the Government Accountability Office (GAO), a non-partisan agency that works for Congress, not only is such a scenario possible, there’s a growing danger that grandpa’s heart rhythm device, or, say, a child’s insulin pump – any implantable device that can be accessed remotely -- could be susceptible to hacking.
But the GAO report suggests that the Food and Drug Administration, which approves and regulates such devices, has been behind the curve when it comes to security and now is calling for the agency to set guidelines for manufacturers to help combat the threat of hacking.
According to the report, which had been requested by members of Congress in light of tests by researchers revealing the vulnerability of the medical technology, “there have been four separate demonstrations in controlled settings showing that the intentional exploitation of vulnerabilities in certain medical devices is possible.” The report stressed that there have been no proven cases of anybody actually doing this for nefarious purposes.
Still, when he released the GAO report, Congressman Edward J. Markey (D-Mass.), one of the requesting legislators, issued a statement saying that “wireless medical devices are susceptible to increasingly advanced hacking techniques that could threaten patient health.”
The susceptibility stems largely from their wireless communications abilities, explained Nathanael Paul, chief scientist at the Center for Trustworthy Embedded Systems at Oak Ridge National Laboratory. In 2010, Paul and a colleague demonstrated they could hack into an insulin pump, like the one Paul himself wears to treat his Type 1 diabetes.
Thanks to wireless communication, doctors can download diagnostic information and health status from the device to a computer and make changes in the performance of a device without surgery. For example, defibrillators can be programmed using a wand that communicates with the device inside a patient’s chest.
Lots more here.
Oh dear, oh dear!
Good to know all this has apparently not happened yet...as far as we know!
Sort this one out guys - and fast.
David.
