The Food and Drug Administration will begin looking at external security vulnerabilities of the software in medical equipment after inquiries from congressional investigators.
A report issued Thursday by the Government Accountability Office (PDF) found that for wireless medical devices, the FDA “did not consider information security risks from intentional threats as a realistic possibility until recently.”
Agency officials told the authors of the GAO report that they plan to re-examine their evaluations of software used in medical devices and add an assessment of “information security risks.”
“Although researchers have recently demonstrated the potential for incidents resulting from intentional threats in two devices—an implantable cardioverter defibrillator and an insulin pump—no such actual incidents are known to have occurred, according to the FDA,” the report noted.