Course Asks University Students To Tackle Medical Device Insecurity 38
chicksdaddy writes "The University of Michigan will be among the first to offer graduate students the opportunity to study the security of advanced medical devices. The course, EECS 598-008 'Medical Device Security' will teach graduate students in UMich's Electrical Engineering and Computer Science program 'the engineering concepts and skills for creating more trustworthy software-based medical devices ranging from pacemakers to radiation planning software to mobile medical apps.' The new course comes amid rapid change in the market for sophisticated medical devices like insulin pumps, respirators and monitoring stations, which increasingly run on versions of the same operating systems that power desktops and servers. In 2011, the U.S. Food and Drug Administration reported that software failures were the root cause of a quarter of all medical device recalls (PDF)."
overregulation... (Score:4, Insightful)
Meh... that industry is over-regulated. The excessive regulation is causing the very problems that it proposes to solve. No one can deploy fixes because each iteration has to go through draconian certifications. When a product in this field meets a deadline... that's it... so rather than releasing v1.0 which gets patched, it just goes out un-patched.
It's the classic argument against the waterfall model... hmmm... we planned really hard, but there were still problems... the solution is clearly to plan even harder next time. Doesnt work.
No one will make an innovative product, because they like the status quo. The incumbents are more than happy about the over-regulation, because the barrier to entry stops new entrants from entering the competition and reducing rents.
Take EHR... (electronic health records)... this is an easy problem... just have an electronic notebook and attach tests results as files, prescriptions as records, etc... why has it not been fixed? HIPPA and other regulatory restrictions. Oh no... we cant just save your chest X-Ray as a TIFF file with a date, time, and location... it must be part of an integrated database thing... seriously... the web (just a bunch of linked files) solved this problem decades ago.
Source code access for medical devices (Score:5, Insightful)
This proposal raises the question of whether the creator of a device can protect the associated intellectual property if they are required to include source code as part of their submission for approval. I hope that we can have that discussion instead of continuing to treat all medical devices as black boxes.