Symantec Corp. (SYMC)

[chmcnfunds]

An other take on medical devices cyber-security:

Quote:
______________________________________________________

Protect Medical Devices From Cyber Attacks, FDA Urges

Article Date: 14 Jun 2013 - 10:00 PDT

The FDA is urging medical device makers and health care facilities to make sure there are proper safeguards in place to protect their medical devices from cyber threats.

The FDA (Food and Drug Administration) said on Thursday that its warning is directed specifically at biomedical engineers, health care IT and procurements staff, medical device user facilities, hospitals and medical device manufacturers.

A cyber attack may be caused when *malware is introduced into medical equipment, as well as unauthorized people gaining access to configuration settings in hospital networks and equipment.

*Malware is software that is created to disable or damage computers and computer systems, i.e. malicious software.

Most medical devices today contain embedded computer systems that are configurable, meaning they can be altered or tweaked, making them vulnerable to cyber-security breaches.

The threat has become more serious over the last fifteen years as a growing number of medical devices are interconnected through hospital networks, the Internet, smartphones and other medical devices. Every new type of connection increases their vulnerability to malicious attacks.

The FDA says that it has become aware of the following cyber-security vulnerabilities and incidents regarding hospital network operations and medical devices:
Medical devices that are configured and/or connected to a network being disabled by malware

Malware penetrating hospital smartphones, tablets, other mobile devices that use Wi-Fi technology to access patient information, implanted patient devices, and hospital computers

Lack of proper security regarding passwords, disabled passwords, and hard-coded passwords for software intended for selected personnel such as maintenance, technical or administrative staff

Not regularly updating medical device and network software

Not addressing vulnerabilities in legacy devices (older medical devices)

Security weaknesses in off-the-shelf software which is supposed to prevent unauthorized network or device access, such as hard-coded passwords, plain-text or no authentication, poor coding/SQL infection, and documented service accounts in service manuals
So far, the FDA has received no reports of specific systems or devices in clinical use being deliberately targeted, neither is it aware of any patient injuries or deaths caused by these incidents.

According to the FDA, American health and other authorities, medical device and software companies have been liaising closely to minimize the risk of cyber attacks.
What actions does the FDA recommend?

A high percentage of medical devices contain configurable embedded computer systems that are potential targets for cyber threats.

Recommendations for device manufacturers

It is the responsibility of medical device manufacturers to be on the lookout for potential risks and hazards related to their products, including cyber-security risks. They are also responsible for making sure appropriate mitigations are in place to guarantee patient safety and to make sure the device performs properly.
___________________________________________________________
http://www.medicalnewstoday.com/articles/262001.php

SYMC