Medical devices could be vulnerable to hackers
The United States Department of Homeland Security is currently investigating two dozen cases of suspected cybersecurity flaws in medical devices and hospital equipment that could possibly be exploited by hackers, a senior official at the agency told Reuters. This news comes shortly after the FDA released recommendations to manufacturers to strengthen the cybersecurity of medical devices earlier this month.
The devices that are being investigated by the agency’s Industrial Control Systems Cyber Emergency Response Team include an infusion pump from Hospira, an implantable heart devices from Medtronic and St Jude Medical, and many others. The agency is concerned that hackers could gain control of these devices remotely, enabling them to wreak potentially lethal havoc on patients using these devices.
“These are the things that shows like Homeland are built from,” said the official, referring to the US television spy drama in which the fictional vice president of the United States is killed by a cyber-attack on his pacemaker.”It isn’t out of the realm of the possible to cause severe injury or death,” said the official, who did not want to be identified due to the sensitive nature of his work.
“The Department of Homeland Security’s Industrial Control Systems-Cyber Emergency Response Team works directly with the Food and Drug Administration and medical devices manufacturers, health care professionals, and facilities to investigate and address cyber vulnerabilities. DHS actively collaborates with public and private sector partners every day to identify and reduce adverse impacts on the nation’s critical cyber systems,” a DHS spokesman wrote to Ars Technica on Thursday.
The senior official said that the agency began examining medical devices and hospital equipment around two years ago, when cybersecurity researchers began to take more interest in medical devices that were becoming increasingly digital and, as a result, potentially open to hackers. The agency is currently investigating two dozen cases, looking in to suspected vulnerabilities to try to help the manufacturers rectify them.