Medical Devices: FDA Should Expand Its Consideration of Information Security for Certain Types of Devices | |
United States. Government Accountability Office. | |
United States. Government Accountability Office. | |
关键词: Government accountability -- United States.; information security; health care; medical devices; letter report; | |
RP-ID : GAO-12-816 RP-ID : 647764 |
|
美国|英语 | |
来源: UNT Digital Library | |
【 摘 要 】
A letter report issued by the Government Accountability Office with an abstract that begins "Several information security threats exist that can exploit vulnerabilities in active implantable medical devices, but experts caution that efforts to mitigate information security risks may adversely affect device performance. Threats to active devicesthat is, devices that rely on a power source to operatethat also have wireless capability can be unintentional, such as interference from electromagnetic energy in the environment, or intentional, such as the unauthorized accessing of a device. Several experts consider certain threats to be of greater concern than others; for example, experts noted less concern about interference from electromagnetic energy than other threats. Incidents resulting from unintentional threats have occurred, such as a malfunction resulting from electromagnetic interference, but have since been addressed. Although researchers have recently demonstrated the potential for incidents resulting from intentional threats in two devicesan implantable cardioverter defibrillator and an insulin pumpno such actual incidents are known to have occurred, according to the Food and Drug Administration (FDA). Medical devices may have several such vulnerabilities that make them susceptible to unintentional and intentional threats, including untested software and firmware and limited battery life. Information security risks resulting from certain threats and vulnerabilities could affect the safety and effectiveness of medical devices. These risks include unauthorized changes of device settings resulting from a lack of appropriate access controls. Federal officials and experts noted that efforts to mitigate information security risks need to be balanced with the potential adverse effects such efforts could have on devices performance, including limiting battery life."
【 预 览 】
Files | Size | Format | View |
---|---|---|---|
647764.pdf | 1166KB | download |