Wednesday, July 10, 2013

Medical Device Security: Guidelines Released for Comment

In 2003 Barry Eisler released Rain Fall, his first novel.  In it, the assassin John Rain kills his target by hacking into his pacemaker using a program he installed on his PDA.  

In December 2012, the Showtime series Homeland depicted the assassination of the Vice President by having a terrorist group remotely take control of the VP's pacemaker and induce a fatal heart attack.

Last month -- finally -- the Center for Devices and Radiological Health (a department of the US Food and Drug Administration) released for comment a set of proposed guidelines to make medical devices incorporate more protections against cybersecurity attacks.  Just this week the FDA said that it is aware of dozens of cybersecurity attacks which have affected hundreds of devices...but to date it is unaware of any patients who have been harmed by such attacks.

While the proposed guidelines are fairly benign from a security standpoint, their implementation may have a significant impact on the $300 billion medical device industry -- an industry which has always (and somewhat appropriately :) ) tipped the balance toward functionality versus security.  

The guidance is located here.  Give it a looksee...and as security guys, consider commenting if you have concerns. We can only make things better if we make our voices heard.
