MD+DI Online is part of the Informa Markets Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Why You Should Care About Medical Device Cybersecurity

Medical devices in hospitals are being hijacked, and the IT workers aren't even noticing it, according to a recent report that highlighted real-life cases.

Qmed Staff

Hacker
Don't let some shadowy hacker steal information from your medical devices. (Image courtesy of tigerlily713 on Pixabay)

Medtech professionals may want to take more notice of cybersecurity issues after the report Anatomy of an Attack, published earlier this year by TrapX Labs, a division of TrapX Security, and described by MD+DI.

The report, as related by MD+DI, described three instances at three separate healthcare institutions where hackers were able to hijack medical devices using malware, with the goal of stealing data from the hospitals' networks.. The identity of the hospitals was not disclosed. (See Phil Raymond director of the Wireless Competency Center at Philips Healthtech discuss security protocols, compliance, and patient privacy at MD&M East, June 14-16 in New York City.)

The medical devices involved included a radiology department picture archiving and communications system, a medical x-ray scanner in the radiology department of a second healthcare institution, and some blood gas analyzers used in a lab serving critical care and emergency services in a third healthcare institution.

What was especially disturbing about the report's findings was that hospital personnel, including experienced IT professionals, were not aware that their devices had been hijacked.

Moshe Ben Simon, co-Founder and vice presdident at TrapX Security, told MD+DI: "Attackers know that medical devices on the network are the easiest and most vulnerable points of entry."

The report recommended that health providers implement strategies to rapidly integrate and deploy medical device software fixes and/or hardware fixes, review vendors cybersecurity protections, and review and remediate existing strategies. Read the full MD+DI story.

FDA has been taking more interest in the cybersecurity issue, too. After a late January workshop on cybersecurity, the agency took comments until April 21 on a Postmarket Management of Cybersecurity in Medical Devices Draft Guidance.

(See Phil Raymond director of the Wireless Competency Center at Philips Healthtech discuss security protocols, compliance, and patient privacy at MD&M East, June 14-16 in New York City.)

Chris Newmarker is senior editor of Qmed and MPMN. Follow him on Twitter at @newmarker.

Like what you're reading? Subscribe to our daily e-newsletter.

Hide comments
account-default-image

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish