Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance

DSpace/Manakin Repository

Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance

Citable link to this page


Title: Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance
Author: Ransford, Benjamin; Molina-Markham, Andres; Stewart, Quinn; Fu, Kevin; Kramer, Daniel Bruce; Baker, Matthew Charles; Reynolds, Matthew R.

Note: Order does not necessarily reflect citation order of authors.

Citation: Kramer, Daniel B., Matthew Baker, Benjamin Ransford, Andres Molina-Markham, Quinn Stewart, Kevin Fu, and Matthew R. Reynolds. 2012. Security and privacy qualities of medical devices: An analysis of FDA postmarket surveillance. PLoS ONE 7(7): e40200.
Full Text & Related Files:
Abstract: Background: Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients’ stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. Methods: We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Results: Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Conclusions: Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health, federal postmarket surveillance strategies should rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware.
Published Version: doi:10.1371/journal.pone.0040200
Other Sources:
Terms of Use: This article is made available under the terms and conditions applicable to Other Posted Material, as set forth at
Citable link to this page:
Downloads of this work:

Show full Dublin Core record

This item appears in the following Collection(s)


Search DASH

Advanced Search