|Every workshop needs a bench and a good dremel. |
Photo credit: Travis Goodspeed
Unless you've been living under a rock, you have probably heard the announcement about the FDA Workshop on Collaborative Approaches for Medical Device and Healthcare Cybersecurity. Or as the Google translation service explains (select translate Government-ese to English): it's an FDA workshop on medical device security.
This workshop is a follow up to the draft FDA guidance on cybersecurity published in 2013 [here and here].
FDA workshops typically provide time to hear from a broad set of interest groups and stakeholders. In the hallways, you will likely see representatives or lobbyists from manufacturing associations, patient groups, physician groups, the cybersecurity industry, and more. And what might be surprising to the jaded reader: most attendees want the same thing, improved medical device security.
I will be moderating one of the technical panels at the FDA workshop, but I look forward to hearing the perspectives from all the panels.
Here's a quick look back at selected moments in medical device security history so you can prepare for the meeting of minds:
- 2006 talk at FDA on medical device security challenges [slides, paper]
- 2008 research showing security flaws and fixes in a pacemaker/ICD [paper, more]
- 2009 Medical device security Winter begins (Kevin has a baby)
- 2010 Medical device security Winter ends (baby goes to college)
- 2011 demonstration of security analysis of an insulin pump
- 2011 VA, MDISS, and GE present medical device security issues to NIST ISPAB
- 2011 written testimony on trustworthy medical device software for the U.S. Senate
- 2011 research paper on problems and approaches for insulin pump security
- 2011 research paper on improving security with a friendly RF shield
- 2011 raising security awareness for users of insulin pumps by insulin pump user
- 2012 NIST Information Security and Privacy Advisory Board letter to HHS Secretary Sebelius
- 2012 Institute of Medicine commissioned report on trustworthy medical device software
- 2012 NIST on economic incentives to improve medical device security
- 2012 ACM MedCOMM Workshop
- 2012 demo of pacemaker/defibrillator security analysis
- 2013 First graduate course on medical device security offered
- 2013 Archimedes Center for Medical Device Security launches annual workshop
- 2013 FDA publishes draft guidance on medical device security
- 2014 NIST ISPAB on emerging standards and guidance for medical device security
- 2014 Survey paper on IMD security at IEEE Symposium on Security and Privacy
This list is far from complete, so feel free to suggest other moments of medical device security history by posting a comment on this blog along with a link to primary sources of written reports, videos, etc. Keep the bulleted text to one line.
Several other research papers on medical device security can be found on the http://secure-medicine.org/publications archive. You can also find all the secure-medicine.org blog postings indexed at http://blog.secure-medicine.org/p/index.html.