Another wireless infusion pump has been announced. Wireless has the potential to revolutionize medicine, but what about the challenging security and privacy risks of wireless? I wonder how well the software system adheres to the classic open design principle for security engineering. What kind of cryptographic protocols are in place for secure updates of drug libraries? If SSL is used, how does the manufacturer revoke certificates when a CA is compromised? Does the device rely on proprietary techniques or sound security engineering? These are important types of questions to ponder when taking a previously non-wireless medical device and then exposing the device to the wild west of wireless. Meanwhile, it's still a vexing problem to protect a Facebook account from wireless compromise let alone a medical device.
According to this public database entry, this pump was cleared through the 510(k) process and deemed substantially equivalent to a predicate device. The database entry does not indicate whether the predicate device was wireless.