Forgot your password?
typodupeerror
Medicine Education Security Science

Course Asks University Students To Tackle Medical Device Insecurity 38

Posted by Soulskill
from the putting-your-pacemaker-through-its-paces dept.
chicksdaddy writes "The University of Michigan will be among the first to offer graduate students the opportunity to study the security of advanced medical devices. The course, EECS 598-008 'Medical Device Security' will teach graduate students in UMich's Electrical Engineering and Computer Science program 'the engineering concepts and skills for creating more trustworthy software-based medical devices ranging from pacemakers to radiation planning software to mobile medical apps.' The new course comes amid rapid change in the market for sophisticated medical devices like insulin pumps, respirators and monitoring stations, which increasingly run on versions of the same operating systems that power desktops and servers. In 2011, the U.S. Food and Drug Administration reported that software failures were the root cause of a quarter of all medical device recalls (PDF)."
This discussion has been archived. No new comments can be posted.

Course Asks University Students To Tackle Medical Device Insecurity

Comments Filter:
  • overregulation... (Score:4, Insightful)

    by Anonymous Coward on Tuesday January 15, 2013 @03:24PM (#42595203)

    Meh... that industry is over-regulated. The excessive regulation is causing the very problems that it proposes to solve. No one can deploy fixes because each iteration has to go through draconian certifications. When a product in this field meets a deadline... that's it... so rather than releasing v1.0 which gets patched, it just goes out un-patched.

    It's the classic argument against the waterfall model... hmmm... we planned really hard, but there were still problems... the solution is clearly to plan even harder next time. Doesnt work.

    No one will make an innovative product, because they like the status quo. The incumbents are more than happy about the over-regulation, because the barrier to entry stops new entrants from entering the competition and reducing rents.

    Take EHR... (electronic health records)... this is an easy problem... just have an electronic notebook and attach tests results as files, prescriptions as records, etc... why has it not been fixed? HIPPA and other regulatory restrictions. Oh no... we cant just save your chest X-Ray as a TIFF file with a date, time, and location... it must be part of an integrated database thing... seriously... the web (just a bunch of linked files) solved this problem decades ago.

  • by twasserman (878174) on Tuesday January 15, 2013 @05:08PM (#42596407)
    I think that the FDA should require medical device makers to submit the source code of any device that is considered for approval. If someone is going to implant a device in my body, then I want the opportunity to see what it does and how it does it. What data is it collecting? What data is it transmitting? Can the operation of the device be modified or shut down over-the-air? As an example, is the algorithm for a heart pacemaker written efficiently so that battery life is maximized, thus reducing the need for repeated surgery?

    This proposal raises the question of whether the creator of a device can protect the associated intellectual property if they are required to include source code as part of their submission for approval. I hope that we can have that discussion instead of continuing to treat all medical devices as black boxes.

All warranty and guarantee clauses become null and void upon payment of invoice.

Working...