

Insulin pump hacker says vendor Medtronic is ignoring security risk - bond
http://venturebeat.com/2011/08/25/insulin-pump-hacker-says-vendor-medtronic-is-ignoring-security-risk/

======
tokenadult
Medtronic is a local company in my town, and I know a LOT of people (including
at least one other HN participant) who work there. It will be interesting to
see what further follow-up there will be on this story. I wonder what form of
authentication of signals to devices will be required by FDA regulation after
this issue is explored in depth.

Note: one person I know in the medical device industry in this town points out
that the whole medical device industry has a completely different orientation
to bugs and hardware failures from most other industries. He used to work in
civil passenger aviation avionics, where even one failure in millions of
flights is unacceptable. The same point of view pervades the medical device
industry--although sometimes more as an aspiration than as an actual
accomplishment. Software writers for medical devices can expect full code
reviews before a regulated device is approved by the FDA. Time to market is
MUCH slower for a new medical device than for most new electronic products,
because of all the regulated testing each new device must go through.

