Regulatory Focus™ > News Articles > Researchers Say They Can Stop Medical Device Hackers From Gaining Unauthorized Access

Researchers Say They Can Stop Medical Device Hackers From Gaining Unauthorized Access

Posted 13 April 2012 | By Alexander Gaffney, RAC 

After reports were issued by a government body warning government regulators of the susceptibility of life-sustaining medical devices to rogue hackers, researchers at the Universities of Purdue and Princeton have announced the creation of a prototype firewall that could prevent such attacks from occurring.

The previous report, issued by the National Institute of Standards and Technology, warned the US Food and Drug Administration (FDA) about the lack of security standards for devices to protect them from being hacked.

"There is currently no single federal agency with responsibility for ensuring that the devices are secure before they're marketed to the public," explained WiredMagazine. "There also is no entity that has been tasked with dealing with security problems that arise with systems that are already on the market."

NIST thus called on FDA to assume that responsibility, or to delegate it to another qualified regulatory oversight body.

One of the most frightening risks highlighted by the NIST report was a researcher's ability to "influence any pump within a 300ft range" and "make that pump dispense its entire 300 unit reservoir of insulin" into the patient. This would almost certainly have deadly consequences to the patient implanted with the device.

The security researchers at Purdue and Princeton, however, say their prototype firewall would stop many of these hypothetical attacks from occurring.

The firewall exists as a wearable device, dubbed MedMon-or medical monitor-which protects numerous devices at once from intrusion by monitoring all communications going into and out of the body, and detecting unauthorized anomalies or intrusions.

"Upon detecting potentially malicious activity, the firewall can raise an alarm to the user or block "malicious packets" from reaching the medical device by using electronic jamming similar to technology used in military systems," the researchers explained in a press release.

"Someone could still learn that you have a medical device, but hopefully they are not going to be able to do anything bad to you. It is extremely difficult to make a system completely impregnable," said Purdue researcher Anand Raghunathan.

Read more:

Purdue - New firewall to safeguard against medical-device hacking

Regulatory Focus - Standards Board Warns of Potential Device Hacking, Calls for Increased FDA Authority

Regulatory Focus newsletters

All the biggest regulatory news and happenings.