A report issued recently by the U.S. Government Accountability Office (GAO) highlighted the growing use of wireless technology in complex medical devices and the concerns over adequate protection for the devices against security risks that could affect their safety and effectiveness. The report called on the Food and Drug Administration (FDA) to tighten security requirements of medical devices.
The GAO report highlighted several vulnerabilities in modern medical devices, including untested software and firmware, inadequately-protected remote access capabilities and wireless communication, unencrypted data transfer, limited battery life and susceptibility to electromagnetic or radio interference. The report also pointed out the limited access available to many implanted medical devices for security patch updates and authorization procedures.
The FDA issued a statement in response to the report that the agency intends to enhance its efforts related to information security and strengthen its manufacturing standards for medical devices in the near future. The agency is currently planning to review its approach to evaluating software used in medical devices.
