Medical Device Security: A Call to Action
September 24, 2012
There is no shortage of risks to elevate the stress of an IT security practitioner. It is a condition that we all readily accept as part of the profession and, in some perverse way, enjoy as it provides the fuel for the hunt.
One risk of particular concern is the security of the IT components embedded within medical devices (see: Monitoring Medical Devices: An Update).
The Food and Drug Administration classifies devices used for providing medical care into classes, I, II and III. The Class III, and in some cases Class II, devices are required to obtain FDA 501K certification. Such certification is required to ensure the devices perform as intended, are reliable and cannot fail in such a way as to cause harm to a patient.