Medical device security: Should medical device software be open source?
Karen Sandler, the woman in charge of open-source software company GNOME, has been fighting to view the source code for her Medtronic (NYSE:MDT) EnTrust cardioverter since she received the implant in 2008.
Sandler, formerly a lawyer at the Software Freedom Law Center, called three major defibrillator manufacturers, offered to sign a non-disclosure agreement and went as far as to request the information under the Freedom of Information Act, but has had no luck.
“I don’t want to rely on Medtronic for something as essential as my heart,” said Sandler when she opened up about her plight at OSCON 2011. Despite Sandler’s arguments, med-tech colossus Medtronic Inc. (NYSE:MDT) has kept its code proprietary.
"Software/firmware that runs on Medtronic devices is highly specialized to both our application as well as our unique, custom hardware platforms; to that end, it is not likely that a patient would see value in viewing software for our platforms," responded Medtronic’s public relations department in a prepared statement.
Sandler’s fears are not entirely unfounded. In July 2010, she wrote a paper called “Killed by Code: Software Transparency in IMDs” noting that at least 212 deaths occurred from device failures in five different brands of implanted medical devices from 1997 to 2003, ZDNet reported.
Sandler isn’t alone in her plea for information from the med-tech giant. In August, Jay Radcliffe, a diabetic and cyber threat intelligence analyst at IBM, hacked his own Medtronic insulin pump, accusing the company of ignoring his warnings.
Radcliffe’s story recently got the attention of several members of Congress, who urged the Government Accountability Office to investigate the safety and security of wireless medical devices.