The US Food and Drug Administration (FDA), following increased concerns regarding the security of medical devices, is in the midst of developing a cybersecurity laboratory, it announced this weekend.
The last several years have brought a drumbeat of warnings from security researchers, analysts and government agencies regarding the susceptibility of medical devices to hacking attempts. An April 2013 report from the National Institute of Standards and Technology (NIST) called for FDA to be given the authority to assess the security of medical devices before they are allowed to market, as well as the formation of a postmarketing surveillance database to track software vulnerabilities.
Then, in May 2013, the Department of Homeland Security (DHS) issued a similar warning, noting that FDA was then unable to regulate medical device use or users, including how they are linked together or configured within networks. This created issues, explains NCCIC, as the security of each individual network largely dictates how secure each individual device is.