Posted by: RedaChouffani
FDA, ICS-CERT, Medical devices
As more medical devices enter the marketplace, payers, physicians and patients are paying close attention to the capabilities they desire, whether that be options for managing chronic conditions or helping with a recovery process. But one need is universal: reliability.
Whether it is hardware or software-based failure, electronic devices can malfunction. Many patients understand and – to a degree – accept this. However, as data breaches increase, more people are concerned about security vulnerabilities in mobile and medical devices.
An alert by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) on June 13, 2013 described researchers reporting hard-coded password vulnerability affecting about 300 medical devices across 40 different vendors. These discoveries can potentially allow for access to the devices’ firmware. It goes unsaid that exploitation of this information could pose a significant danger to their users.
Because of the urgent nature of the threat, the ICS-CERT has been working closely with the Food and Drug Administration (FDA) to identify vendors and mitigate risks.
Some types of devices identified in the report:
- Surgical and anesthesia devices
- Drug infusion pumps
- External defibrillators
- Patient monitors
- Laboratory and analysis equipment
The FDA has published best practices in an attempt to help individuals and healthcare facilities take appropriate steps from here.