The Food & Drug Administration has appointed University of Michigan computer science researcher Kevin Fu to serve as the agency's Acting Director of Medical Device Cybersecurity.
Security researchers have demonstrated in the past how implanted medical devices such as insulin pumps and pacemakers can be compromised. A team from Virginia Polytechnic Institute and State University investigated how these devices could be used to compromise secure facilities used to work on classified information.
The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency warned in an advisory that cardio defibrillators from medical device company Medtronic can be modified while still implanted in patients. Without access control, the defibs can't differentiate between authorized and unauthorized instructions.
The Food and Drug Administration outlines what manufacturers have to do to develop secure medical devices on the draft of its premarket guidance. The FDA laid out recommendations on what information to provide when submitting the devices for premarket approval.