Friday, June 14, 2013 1:31:22 PM
Quote:
______________________________________________________
Protect Medical Devices From Cyber Attacks, FDA Urges
Article Date: 14 Jun 2013 - 10:00 PDT
The FDA is urging medical device makers and health care facilities to make sure there are proper safeguards in place to protect their medical devices from cyber threats.
The FDA (Food and Drug Administration) said on Thursday that its warning is directed specifically at biomedical engineers, health care IT and procurements staff, medical device user facilities, hospitals and medical device manufacturers.
A cyber attack may be caused when *malware is introduced into medical equipment, as well as unauthorized people gaining access to configuration settings in hospital networks and equipment.
*Malware is software that is created to disable or damage computers and computer systems, i.e. malicious software.
Most medical devices today contain embedded computer systems that are configurable, meaning they can be altered or tweaked, making them vulnerable to cyber-security breaches.
The threat has become more serious over the last fifteen years as a growing number of medical devices are interconnected through hospital networks, the Internet, smartphones and other medical devices. Every new type of connection increases their vulnerability to malicious attacks.
The FDA says that it has become aware of the following cyber-security vulnerabilities and incidents regarding hospital network operations and medical devices:
Medical devices that are configured and/or connected to a network being disabled by malware
Malware penetrating hospital smartphones, tablets, other mobile devices that use Wi-Fi technology to access patient information, implanted patient devices, and hospital computers
Lack of proper security regarding passwords, disabled passwords, and hard-coded passwords for software intended for selected personnel such as maintenance, technical or administrative staff
Not regularly updating medical device and network software
Not addressing vulnerabilities in legacy devices (older medical devices)
Security weaknesses in off-the-shelf software which is supposed to prevent unauthorized network or device access, such as hard-coded passwords, plain-text or no authentication, poor coding/SQL infection, and documented service accounts in service manuals
So far, the FDA has received no reports of specific systems or devices in clinical use being deliberately targeted, neither is it aware of any patient injuries or deaths caused by these incidents.
According to the FDA, American health and other authorities, medical device and software companies have been liaising closely to minimize the risk of cyber attacks.
What actions does the FDA recommend?
A high percentage of medical devices contain configurable embedded computer systems that are potential targets for cyber threats.
Recommendations for device manufacturers
It is the responsibility of medical device manufacturers to be on the lookout for potential risks and hazards related to their products, including cyber-security risks. They are also responsible for making sure appropriate mitigations are in place to guarantee patient safety and to make sure the device performs properly.
___________________________________________________________
http://www.medicalnewstoday.com/articles/262001.php
SYMC
Avant Technologies Equipping AI-Managed Data Center with High Performance Computing Systems • AVAI • May 10, 2024 8:00 AM
VAYK Discloses Strategic Conversation on Potential Acquisition of $4 Million Home Service Business • VAYK • May 9, 2024 9:00 AM
Bantec's Howco Awarded $4.19 Million Dollar U.S. Department of Defense Contract • BANT • May 8, 2024 10:00 AM
Element79 Gold Corp Successfully Closes Maverick Springs Option Agreement • ELEM • May 8, 2024 9:05 AM
Kona Gold Beverages, Inc. Achieves April Revenues Exceeding $586,000 • KGKG • May 8, 2024 8:30 AM
Epazz plans to spin off Galaxy Batteries Inc. • EPAZ • May 8, 2024 7:05 AM