Hospitals: Device Manufacturers Must Fix Cyber Risks Now

Hospital information technology (IT) and security executives around the nation are voicing their concerns about cyber-attacks against medical devices, citing that manufacturers often resist requests to better secure their products.

Many hospitals contend that manufacturers’ slowness to fix the problem could lead to breached medical devices, which could possibly result in theft of information from other parts of a hospital network or jeopardize patient safety, Wall Street Journal reports.

Some complaints hospitals have voiced include medical devices running on obsolete software; devices are not encryptable; the equipment does not have antivirus software running on them; devices are not patched or fixed. Hospital officials claim manufacturers have blamed the FDA as a hindrance to improve security, as the existing FDA guidance, released in 2005, requires medical device makers to seek the organization approval or clearance before installing a software patch.

For its part, the FDA stated that it does not typically need to review or approve medical device software changes made solely to strengthen cyber security.

In June, the Department of Homeland Security (DHS) issed a warning that roughly 300 medical devices from about 40 vendors could be vulnerable to hacking. The alert indicated the vulnerability could be exploited to potentially change critical settings and/or modify device firmware. The affected devices are manufactured by a broad range of vendors and fall into a broad range of categories including but not limited to surgical and anesthesia devices, ventilators, drug infusion pumps, external defibrillators, patient monitors, and laboratory and analysis equipment.

Read the full story.

Related Articles:

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

Get Our Newsletters
Campus Safety HQ