Feds to Probe Medical Device Vulnerabilities

Alarmed by new research showing the increasing vulnerability of wireless implanted medical devices, two members of Congress have asked for hearings on the security of these devices.

Representatives Anna Eshoo (D-CA) and Ed Markey (D-MA), both members of the House Energy and Commerce Committee, asked the GAO last week to examine whether the FCC is identifying the challenges. "In bringing forward innovative wireless technologies and devices for healthcare, it’s critical that these devices are able to operate together and with other hospital equipment, and not interfere with each other’s activities and data transmissions," the representatives wrote in a letter.

A few weeks ago at Black Hat, and again at DefCon, researcher Jay Radcliffe demonstrated how cybercriminals could compromise instructions to wireless insulin pumps. From a previous DeviceLine blog:

What he found was his monitor had no verification of the remote signal. Worse, the pump broadcasts its unique ID so he was able to send the device a command that put it into SUSPEND mode (a DoS attack). That meant Radcliffe could overwrite the device configurations to inject more insulin. With insulin, you cannot remove it from the body (unless he drinks a sugary food). The same overwrite of commands would also be possible with pacemakers as well.