SAN FRANCISCO (AP) — Two lawmakers are requesting a review of the government’s security standards for wireless medical devices after a diabetic discovered how to remotely reprogram his and other people’s insulin pumps.
Reps. Anna Eshoo of California and Edward Markey of Massachusetts, both Democrats, asked the Government Accountability Office, the investigative arm of Congress, to evaluate the Federal Communications Commission’s efforts to identify the risks of implants and other medical devices that use wireless communications technologies.
They cited new research by Jay Radcliffe, a 33-year-old computer security expert from Idaho, who demonstrated at a conference this month that he could hack into an insulin pump he wears on his body and get it to respond to an unauthorized remote control.
He didn’t identify the specific vulnerabilities that allowed him to perform the attack, but has privately alerted the device maker — which he did not name — about the issues. Others are likely vulnerable as well.
The techniques raise the possibility of someone roaming a hospital’s halls performing sinister attacks. Diabetics could get too much or too little insulin, a hormone they need for proper metabolism.
Similar attacks have also been shown against pacemakers and defibrillators.
Radcliffe told The Associated Press that he experienced “sheer terror” upon finding that “there’s no security around the devices which are a very active part of keeping me alive.”
The U.S. Food and Drug Administration has said that any medical device with wireless communication components can fall victim to eavesdropping. It warns device makers that they are responsible for securing their equipment.
Eshoo and Markey wrote in a letter dated Monday that they would like the GAO to investigate the extent to which the FCC, which establishes technical requirements for radio communications, is ensuring the safety of wireless medical devices and coordinating with the FDA.
“In bringing forward innovative wireless technologies and devices for healthcare, it’s critical that these devices are able to operate together and with other hospital equipment, and not interfere with each other’s activities and data transmissions,” they wrote. “It’s also important that such devices operate in a safe, reliable, and secure manner.”