Health IT and Electronic Health Activate your FREE membership today |  Log-in

Meaningful Health Care Informatics Blog

Jun 17 2013   9:47PM GMT

300 medical devices across 40 vendors subject to password vulnerability

Posted by: RedaChouffani
FDA, ICS-CERT, Medical devices

As more medical devices enter the marketplace, payers, physicians and patients are paying close attention to the capabilities they desire, whether that be options for managing  chronic conditions or helping with a recovery process.  But one need is universal: reliability.

Whether it is hardware or software-based failure, electronic devices can malfunction.  Many patients understand and – to a degree – accept this. However, as data breaches increase, more people are concerned about security vulnerabilities in mobile and medical devices.

An alert by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) on June 13, 2013 described researchers reporting hard-coded password vulnerability affecting about 300 medical devices across 40 different vendors.  These discoveries can potentially allow for access to the devices’ firmware. It goes unsaid that exploitation of this information could pose a significant danger to their users.

Because of the urgent nature of the threat, the ICS-CERT has been working closely with the Food and Drug Administration (FDA) to identify vendors and mitigate risks.

Some types of devices identified in the report:

  • Surgical and anesthesia devices
  • Ventilators
  • Drug infusion pumps
  • External defibrillators
  • Patient monitors
  • Laboratory and analysis equipment

The FDA has published best practices in an attempt to help individuals and healthcare facilities take appropriate steps from here.

Comment on this Post

Leave a comment:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: