The hack of a commercially available insulin pump earlier this month at the DEFCON hacker conference has attracted the attention of members of the House Energy & Commerce Committee, which is now calling for a formal review of wireless medical devices like the pump.

Senior Committee members Anna G. Eshoo (D-CA) and Edward J. Markey (D-MA) sent a letter to the Government Accountability Office (GAO) early this week calling on it to look into whether the new devices are “safe, reliable and secure.” The issue stems from a hack shown at the popular Las Vegas conference where researcher Jerome Radcliffe — diagnosed with diabetes 11 years ago — demonstrated how he could tweak the dosage levels on his pump remotely.

“With respect to wireless enabled medical devices, the Federal Communications Commission (FCC) is responsible for governing radio devices so as to provide for effective operation and communication, including allocating spectrum and specifying technical requirements to avoid harmful interference between users,” the letter reads.

While the medical sector has seen its own share of security lapses in the past, including breaches, Radcliffe’s hack has the potential to open the door for attackers whose aim isn’t to steal your money but your life.

Security researchers have demonstrated the vulnerability of implantable medical devices such as pacemakers before. In recent years, protections have been proposed. In 2009, researchers working in Switzerland and France demonstrated a method for blocking remote, wireless access to implanted medical devices to prevent the kind of attack Radcliffe demonstrated. 

Insulin pump image via cogdogblog’s Flickr photostream (Creative Commons)
