The Government Accountability Office has released a report warning that medical devices are vulnerable to hacking and calling for greater FDA oversight of such devices, Bloomberg Businessweek reports.
Background on Report
The report was requested last year by Democratic Reps. Donna Edwards (Md.), Anna Eshoo (Calif.) and Edward Markey (Mass.).
The lawmakers asked GAO to review medical device safety issues after researchers demonstrated that hackers could remotely manipulate the operation of insulin pumps (Robertson, Bloomberg Businessweek, 9/27).
In the report, GAO noted that FDA has focused on the fact that unintentional interference -- such as electromagnetic activity -- could affect medical devices. FDA has devoted less time to examining how hacking attacks could harm medical devices, GAO said (Viebeck, "Healthwatch," The Hill, 9/27). The report stated that FDA "has not considered information security risks resulting from intentional threats" (Smith, NextGov, 9/27).
However, the report noted that there have been no documented instances of medical device hacking, aside from those performed for research purposes ("Healthwatch," The Hill, 9/27).
To better ensure the safety of medical devices, GAO recommended that FDA oversee the identification and investigation of security breaches that could affect equipment such as:
- Insulin pumps; and
Lawmakers Comment on Report
Eshoo in a statement said, "Implantable medical devices have resulted in tremendous medical benefits for the patients who use them, but the demonstrated security risks require a renewed emphasis by the FDA and manufacturers to identify, evaluate and plug the potentially rare but serious security holes that exist in these devices" (Bloomberg Businessweek, 9/27).
Markey in a statement said that the GAO report "underscores the need to require manufacturers to acknowledge these threats and for FDA to address the risks before the devices are sold to the public" ("Healthwatch," The Hill, 9/27).