First let me say this: I am not trying to create mass panic. We are not having a crisis, epidemic, pandemic or any other world-ending situation. You should not refuse medical treatment because of anything I point out in this short blog entry.
Recently a security researcher found a way to take control of an insulin pump and dole out a potentially lethal dose of insulin. The device is made by a large corporation and is widely used today. It uses wireless technology with no encryption. Yes...you read that right. Wireless...no encryption. I know, I know...it should be a no-brainer these days to encrypt all wireless communications, but evidently it's not. The researcher had to customize the communication device and write a customized program to connect to the insulin pump. But if he can do it, so can the next guy. This isn't the first such discovery. A couple of years ago, certain types of pacemakers were discovered to have a similar flaw.
This is why it is so important for all projects your company works on, not just IT projects, to go through a formalized information security and privacy review before getting the green light for production. If you are buying products, especially those you sell, configure or install for others, you should do a thorough information security and privacy review during your procurement process. Ask the vendors if they've done security testing. Ask them for independent verification. If they can't or won't provide the information, you must assume it wasn't done and you'll need to do your own validation. Information and communications are everywhere. Even inside our own bodies. Welcome to the Matrix.