ABSTRACT

Software failures were responsible for 24% of all medical device recalls in 2011, according to data from the U.S. Food and Drug Administration (FDA), which said it is gearing up its labs to spend more time analyzing the quality and security of software-based medical instruments and equipment. The FDA’s Office of Science and Engineering Laboratories (OSEL) released the data in its 2011 Annual Report on June 15, amid reports of a compromise of a website used to distribute software updates for hospital respirators. According to the agency: “The absence of solid architecture and ‘principled engineering practices’ in software development affects a wide range of medical devices, with potentially life-threatening consequences …”. A team of researchers recently studying the security of medical devices identified security vulnerabilities in the software that controlled an automated external defibrillator (AED), a device used to treat cardiac arrhythmias. The researchers also found that the device would accept unsigned, counterfeit software updates [1].