Wireless medical devices should go through more stringent pre-market review and post-market surveillance to protect against information technology security threats that could impact safety and effectiveness, the Government Accountability Office concluded in a report to Congress.
However, the threat of an intentional hacking of a device must be weighed against potential adverse effects that could result from increased security measures, such as limiting a product's performance or battery life, GAO said in its report released Sept. 27 titled "Medical Devices: FDA Should Expand Its Consideration of Information Security for Certain Types of Devices." ...
Brad Thompson, an attorney who represents industry at Epstein Becker & Green, warned against over-reacting to "hypothetical" or "fantastical" problems.
"I just find it politically driven, this notion of trying to create fear out of the idea that somebody could hurt someone else anonymously," Thompson said. "That's not a new idea. The fact is that we're sort of jousting at windmills. We've never even seen this happen."
He pointed out that the some of the technical safeguards to mitigate cyber security threats could cost significant amounts of money and come with certain trade-offs for the devices in question, such as shorter battery life or usability issues.
"None of this activity that they're contemplating is either free or without trade-off," he said. ...
Thompson said industry is aligned with FDA on the need to do what it can to address the risks identified and enumerated in the GAO report.
"We want people to have confidence in the products that are implanted in them," he said.
Thompson called for a "rational balance in the middle, where we're doing what we should responsibly do, using passwords and encryption and other mechanisms that are being developed by the [information technology] experts to combat these random acts of disruption."
However, he added, he does not think wireless medical devices should necessarily be held to a higher standard than other industries that may be at greater risk of attack by hackers.