Hospitals: Device Manufacturers Must Fix Cyber Risks Now

Published: August 6, 2013

Hospital information technology (IT) and security executives around the nation are voicing their concerns about cyber-attacks against medical devices, citing that manufacturers often resist requests to better secure their products.

Many hospitals contend that manufacturers’ slowness to fix the problem could lead to breached medical devices, which could possibly result in theft of information from other parts of a hospital network or jeopardize patient safety, Wall Street Journal reports.

Some complaints hospitals have voiced include medical devices running on obsolete software; devices are not encryptable; the equipment does not have antivirus software running on them; devices are not patched or fixed. Hospital officials claim manufacturers have blamed the FDA as a hindrance to improve security, as the existing FDA guidance, released in 2005, requires medical device makers to seek the organization approval or clearance before installing a software patch.

For its part, the FDA stated that it does not typically need to review or approve medical device software changes made solely to strengthen cyber security.

——Article Continues Below——

Get the latest industry news and research delivered directly to your inbox.

In June, the Department of Homeland Security (DHS) issed a warning that roughly 300 medical devices from about 40 vendors could be vulnerable to hacking. The alert indicated the vulnerability could be exploited to potentially change critical settings and/or modify device firmware. The affected devices are manufactured by a broad range of vendors and fall into a broad range of categories including but not limited to surgical and anesthesia devices, ventilators, drug infusion pumps, external defibrillators, patient monitors, and laboratory and analysis equipment.

Read the full story.

Related Articles:

ADVERTISEMENT
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series