Skip to main content

FDA urges protection of medical devices from cyber threats

The U.S. Food and Drug Administration on Thursday urged medical device makers and medical facilities to upgrade security protections to protect against potential cyber threats that could compromise the devices or patient privacy.

It released that advisory in coordination with a separate alert from the Department of Homeland Security, which disclosed vulnerability in a wide variety of medical equipment that can make those devices vulnerable to remote attacks from hackers.

 

"Over the past year, we've become increasingly aware of cyber security vulnerabilities in incidents that have been reported to us," William Maisel, deputy director for science at the FDA's Center for Devices and Radiological Health, said in an interview. "Hundreds of medical devices have been affected, involving dozens of manufacturers," Maisel said, adding that many were infected by malicious software, or malware.

But he said all the infections appeared to be unintentional, largely due to malware and computer viruses that were circulating in hospital computer networks and jumped onto the devices.

An alert published on the government's Industrial Control Systems Cyber Emergency Response Team website, cited research from Billy Rios and Terry McCorkle of the cyber security firm Cylance Inc, who said they have identified more than 300 pieces of medical equipment that are vulnerable to cyber attack. They include surgical and anesthesia devices, ventilators, drug infusion pumps, patient monitors and external defibrillators.

The problem with the equipment is that it can be controlled using default passwords that can be obtained with relative ease by motivated hackers, Rios said in an interview. Those passwords give their holders complete control of the devices and in some cases can be used to gain that access remotely via the Internet, he said.

"Somebody could take over the device and make it do whatever they want it to do and it would be almost impossible for hospital staff to know that it had been tampered with," Rios said.

Rios and McCorkle are among a group of security experts who in recent years have suggested that medical devices such as insulin pumps and pacemakers could be vulnerable to hacking.

The FDA on Thursday said it is not aware of any patient injuries or deaths associated with devices and hospital computer networks that have been infected with malware and computer viruses.

In an advisory on its website, however, the FDA said manufacturers, hospitals and patients need to protect themselves better from the introduction of malware in medical equipment and unauthorized access to settings that control devices.

"Many medical devices contain configurable embedded computer systems that can be vulnerable to cybersecurity breaches," the agency said.

The risk of breaches has grown as devices have become increasingly interconnected, via the Internet, hospital networks, other medical devices and smartphones, the FDA said.

"Specifically we recommend that manufacturers review their cybersecurity practices and policies to assure that appropriate safeguards are in place to prevent unauthorized access or modification to their medical devices or compromise of the security of the hospital network that may be connected to the device," the agency said.

Among its recommendations, the FDA said manufacturers need to take steps to limit unauthorized device access to trusted users only, particularly for devices that are "life sustaining" or could be directly connected to hospital networks.

User IDs, passwords and other security controls need to be strengthened, including potential use of biometrics, the agency said. Moreover, manufacturers need to assure that devices recover and continue to work once security has been compromised.

"Cybersecurity incidents are increasingly likely," the FDA said, "and manufacturers should consider incident response plans that address the possibility of degraded operation and efficient restoration and recovery."

_0">

The FDA also urged health care facilities to evaluate their network security, including restricting unauthorized access to the network and networked devices.

_1">

(Reporting by Ransdell Pierson in New York and Jim Finkle in Boston; Editing by Ros Krasny, Dan Grebler and Bernard Orr)

_2">

Popular posts from this blog

Study Abroad USA, College of Charleston, Popular Courses, Alumni

Thinking for Study Abroad USA. School of Charleston, the wonderful grounds is situated in the actual middle of a verifiable city - Charleston. Get snatched up by the wonderful and customary engineering, beautiful pathways, or look at the advanced steel and glass building which houses the School of Business. The grounds additionally gives students simple admittance to a few major tech organizations like Amazon's CreateSpace, Google, TwitPic, and so on. The school offers students nearby as well as off-grounds convenience going from completely outfitted home lobbies to memorable homes. It is prepared to offer different types of assistance and facilities like clubs, associations, sporting exercises, support administrations, etc. To put it plainly, the school grounds is rising with energy and there will never be a dull second for students at the College of Charleston. Concentrate on Abroad USA is improving and remunerating for your future. The energetic grounds likewise houses various
Read more

Best MBA Online Colleges in the USA

“Opportunities never open, instead we create them for us”. Beginning with this amazing saying, let’s unbox today’s knowledge. Love Business and marketing? Want to make a high-paid career in business administration? Well, if yes, then mate, we have got you something amazing to do!   We all imagine an effortless future with a cozy house and a laptop. Well, well! You can make this happen. Today, with this guide, we will be exploring some of the top-notch online MBA universities and institutes in the USA. Let’s get started! Why learn Online MBA from the USA? Access to More Options This online era has given a second chance to children who want to reflect on their careers while managing their hectic schedules. In this, the internet has played a very crucial in rejuvenating schools, institutes, and colleges to give the best education to students across the globe. Graduating with Less Debt Regular classes from high reputed institutes often charge heavy tuition fees. However onl
Read more

Sickening moment maskless 'Karen' COUGHS in the face of grocery store customer, then claims she doesn't have to wear a mask because she 'isn't sick'

A woman was captured on camera following a customer through a supermarket as she coughs on her after claiming she does not need a mask because she is not sick.  Video of the incident, which has garnered hundreds of thousands of views on Twitter alone, allegedly took place in a Su per Saver in Lincoln, Nebraska according to Twitter user @davenewworld_2. In it, an unidentified woman was captured dramatically coughing as she smiles saying 'Excuse me! I'm coming through' in the direction of the customer recording her. Scroll down for video An unidentified woman was captured dramatically coughing as she smiles saying 'Excuse me! I'm coming through' in the direction of a woman recording her A woman was captured on camera following a customer as she coughs on her in a supermarket without a mask on claiming she does not need one because she is not sick @chaiteabugz #karen #covid #karens #karensgonewild #karensalert #masks we were just wearing a mask at the store. ¿ o
Read more