In an opinion piece for The Hill's "Congress Blog," Darren Hayes -- chair of the computer information systems program at Pace University's Seidenberg School of Computer Science and Information Systems in New York -- writes that the federal government "must address the issue of medical device security."
He cites a recent Government Accountability Office report that found that implantable medical devices are vulnerable to multiple types of security threats, such as hacking and computer viruses. According to Hayes, such findings are a "clear indication" of the need for stronger medical device security policies.
Hayes writes that many medical device manufacturers will not allow for software updates to their products, even if such updates could protect a device from security threats. Some manufacturers might be concerned that FDA would not approve the software modifications, Hayes notes, adding that FDA ultimately "will need to provide standards and guidance on the types of updates that will be allowed for medical devices."
Hayes writes, "It is now time that medical device manufacturers are provided with new standards to protect patients from computer viruses," adding, "This change will only occur through Congressional legislation that includes stiff fines for noncompliance" (Hayes, "Congress Blog," The Hill, 10/24).