A lot of lives may be in peril if measures are not taken

Apr 11, 2012 11:47 GMT

The Information Security and Privacy Advisory Board has sent a letter to the Office of Management and Budget to point out the serious cyber threats that target medical devices, urging the organization to take immediate action.

Last year, at the Black Hat security conference in Las Vegas, security researcher Jerome Radcliffe demonstrated how an insulin pump on which the lives of many individuals depend can be hacked and altered.

As a result of Radcliffe’s and other experts’ research, the Board concluded that serious measures should be taken to protect devices such as insulin pumps, defibrillators and pacemakers against cyberattacks.

According to the letter, provided by Wired, the Office of Management and Budget is asked to consider giving a single government agency, such as the Food and Drug Administration (FDA) or the Department of Health and Human Services (HHS), the responsibility to ensure that medical devices are protected against threats that originate from cyberspace.

Furthermore, it’s believed that the FDA should closely collaborate with the National Institute of Standards and Technology (NIST) in finding a way to secure the wireless apparatus by default, to eliminate the necessity of later installing third-party protection software.

The Board also recommends issuing “how to” instructions. All actors involved, including health organizations, customers, and manufacturers, should be trained and educated regarding the risks posed by the use of wireless medical devices.

The letter also advises on the creation of special reporting categories by the United States Computer Emergency Readiness Team (US-CERT).

“Coordination is necessary with US-CERT to establish mechanisms that incentivize Government, providers, and manufacturers to collect cybersecurity threat indicators so that the country is prepared for the inevitable growth in device incident reports,” the letter reads.
