The U.S. Food and Drug Administration (FDA) recently announced proposed guidelines for managing cybersecurity in medical devices. This is certainly interesting, particularly as it relates to the Internet of Things (IoT). The proposal is highlighted in a TechNewsWorld article, "FDA Guidelines Target IoT Medical Device Security."
However, as we all know and as the article states, the operating systems on these devices and the applications that run on top of them are fraught with security issues. Identifying vulnerabilities is one thing; getting the OEMs to address the issues by providing timely patches and reconfiguration recommendations is another matter altogether.
We certainly need more than guidelines for medical product security. Laws need to be passed to enforce vigilant assessment and remediation of security flaws in these products. We must not forget that there are living, breathing patients hooked up to these lifesaving medical devices. A hacker exploiting a flaw that causes a device to fail could potentially kill the patient. That would change the hacker's status to that of a murderer.
Christopher Karr, CISSP, is a Director of CyberSecurity at IGI.