July 17, 2013 at 6:23 pm #179466
FDA Safety Communication: Cybersecurity for Medical Devices and Hospital Networks
Date Issued: June 13, 2013
Audience: Medical device manufacturers, hospitals, medical device user facilities, health care IT and procurements staff; and biomedical engineers
Issue: Cybersecurity for medical devices and hospital networks
Purpose: The FDA is recommending that medical device manufacturers and health care facilities take steps to assure that appropriate safeguards are in place to reduce the risk of failure due to cyberattack, which could be initiated by the introduction of malware into the medical equipment or unauthorized access to configuration settings in medical devices and hospital networks.
Summary of Problem and Scope: Many medical devices contain configurable embedded computer systems that can be vulnerable to cybersecurity breaches. In addition, as medical devices are increasingly interconnected, via the Internet, hospital networks, other medical device, and smartphones, there is an increased risk of cybersecurity breaches, which could affect how a medical device operates.
Recently, the FDA has become aware of cybersecurity vulnerabilities and incidents that could directly impact medical devices or hospital network operations, including:
July 17, 2013 at 6:27 pm #179470
Additional information and commentary from All Things Security Blog:
FDA Releases Advisory for Cybersecurity in Medical Devices and Hospital Networks
On June 13th the U.S. Food and Drug Administration issued a cybersecurity advisory statement addressing the need for increased focus on security in medical devices and hospital networks. The statement is no surprise as it follows a more than a year of mounting pressuring and increasing evidence that the health-care sector is among the most vulnerable to hackers. Not only are they vulnerable but the data that typical medical networks contain is highly sensitive, Chris Wysopal outlined this in a recent interview with Fox News. And of course there’s also the fact that a medical device not working as it should can be the difference between life and death.
There’s no argument that the need for more security is apparent and imperative so we applaud the FDA for taking these first steps in remediating the problems at hand. The advisory statement recommends the following steps for medical device manufacturers;
July 17, 2013 at 6:29 pm #179468
IMO typical mass media spreading of FUD although there are alot of good points…
Commentary on video by Veracode Blog:
Last night our CTO and Co-Founder Chris Wysopal joined Fox Business’ The Willis Report to chat about medical record privacy in a segment titled “Digital Records Putting Your Health Information at Risk?”
In the six minute segment Chris talks about “the dark side” of putting medical data online in cloud servers. Among the stats thrown around;
50% of doctors offices put customer data online,
80% of hospitals put customer data online,
21 million people had electronic records stolen in last 3 years,
94% of healthcare companies report data breaches.
Staggering numbers no doubt, you might be asking exactly how dangerous is this information? Health insurance fraud, financial identity theft, credit risk and even personal endangerment. If a someone undergoes a medical procedure under your identity, your medical records become flawed. health-care-companies-hackedIn a scenario where you’re undergoing emergency procedures your records could say you’ve had your appendix out when in fact you haven’t.
You must be logged in to reply to this topic.