A US agency has warned that medical devices(portable ultrasound machine) and hospital networks in America are potentially vulnerable to cyber attacks, urging device manufacturers and medical services to make sure there are proper safeguards in place to prevent such attacks.
On Thursday, the Food and Drug Administration (FDA) disclosed susceptibility in a wide array of life-sustaining devices such as implantable defibrillators, pacemakers as well as wearable insulin pumps.
It stated that hackers might one day penetrate and introduce malware into the medical equipments, and thereby gain access to configure settings in medical devices or hospital networks and either shut them down or manipulate the machinery.
“Over the past year, we've become increasingly aware of cyber security vulnerabilities in incidents that have been reported to us,” said William Maisel, the deputy director for science at the FDA's Center for Devices and Radiological Health.
He added, “Hundreds of medical devices have been affected [in the past], involving dozens of manufacturers.”
Maisel noted that many of the medical devices were infected by malware.
He stressed that no instance of a cyber attack on an implantable device has been documented.
Most medical equipment(sales lead sheet) like pacemakers and defibrillators contain embedded computer systems that are configurable, meaning that they can be altered and are vulnerable to cyber security breaches.
They are interconnected through hospital networks, the Internet, smart phones and other medical equipment that upload data to manufacturers.
The FDA said it has been working with other American agencies as well as manufacturers, which are “responsible for remaining vigilant about identifying risks and hazards associated with their medical devices.”
It also urged health care facilities to limit unauthorized device access, “particularly for those devices that are life-sustaining or could be directly connected to hospital networks.”