The Unwired Medic

Teaching EMS providers & other public safety pros about using mobile tech to improve their practice, patient care, continuing education, scene safety, general entertainment, & productivity.

Medical Devices At Risk For Hacking

June 24, 2013 by The Unwired Medic | 1 Comment

A little birdie told me about a couple articles that are drawing attention to the possibility of medical device hacking.

unlock

Image credit: twasa – http://www.sxc.hu/profile/twasa – Image retrieved from http://www.sxc.hu/photo/223063 on 24 June 2013

The first article I share with you is from the ICS-CERT (Industrial Control Systems Cyber Emergency Response Team).  They are advising that they have confirmed that approximately 300 medical devices from over 40 vendors have hard-coded passwords that hackers can access to reprogram settings on the devices, or change the parameters of operations on things like pacemakers and insulin pumps.  These risks have been known for a while, but now, the federal government is looking into compelling the device manufacturers to beef up their devices’ security features to prevent unwanted adjustments that could endanger lives.  There are even a few conspiracy theories that these vulnerabilities leave “backdoors” for those who would seek to kill an opponent.  A few dozen extra units of insulin or a badly timed internal defibrillation would certainly be an effective means to end a life.

Visit the ICS-CERT for this article, at http://ics-cert.us-cert.gov/alerts/ICS-ALERT-13-164-01

Next, as of June 13th, the FDA has placed a notice out there and is also opening a 90-day window to solicit input and feedback on proposed rules to strengthen security requirements on medical devices.  Check out these two articles:

FDA Safety Communication: Cybersecurity for Medical Devices and Hospital Networks – http://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm356423.htm

and

Content of Premarket Submissions for Management of Cybersecurity in Medical Devices – Draft Guidance for Industry and Food and Drug Administration Staff – http://www.fda.gov/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/ucm356186.htm

 

In case you are thinking this could only apply to devices that are implanted or placed upon a patient, think again.  Our expensive cardiac monitors use these same types of access passwords to set the alarms and even limit the amount of energy delivered with a defibrillation.  It would be devastating to us to have a device not alarm when it is supposed to, like during apneic periods, or desaturation, or even during a run of VTach.

One Comment

Leave a reply →

Leave a Reply

Required fields are marked *.