FDA Issues Medical Device Alert Over Malware
June 17th, 2013 // 11:26 pm @ jmpickett
Latest FDA and cGMP Compliance News
FDA today issued an alert stating that medical devices that have computer systems could could have cyber security breaches and be vulnerable to malware.
FDA noted that medical devices are interconnected more and more, through the Internet, networks in hospitals, and to other devices and smart phones. So there is a higher risk of breaches in cyber security, which could in some cases affect how the device functions. Cyber attacks could occur with malware being introduced into the equipment or by unauthorized access in the configuration settings in some devices or hospital networks.
Some medical device problems that have been attacked by malware can be quite scary. Lat year, IOActive discoverd that some pacemakers can actually be remotely controlled and ordered to deliver a shock of 800 volts by laptop command. This is because of flaws in software programming by the device companies.This is actually enough to kill a person.
FDA’s announcement is not a what if – such breaches have occurred in the past. There have not been any deaths or injuries, but there is no doubt that many medical devices do have security vulnerability.
Some of the specific vulnerabilities with medical devices include:
- Network connected devices that are infected or have been disabled by some type of malware
- Malware on hospital computers or tablets
- Mobile devices that have wireless technology and have access to patient data
- Vulnerabilities in security for off the shelf software that is intended to stop unauthorized device access
- Uncontrolled distribution of computer system passwords
Also, FDA stated that some device firms, hospitals and device user facilities are not doing the needed software updates and patches for some of their medical devices and networks.
FDA recently released a new guidance in draft form for how medical device firms should be addressing cybersecurity in PMAs.It states that FDA works closely with other agencies in the federal government and also manufacturers to mitigate any security vulnerabilities as they are discovered.
