Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

FDA Warns of Cyber Attacks on Medical Devices

WASHINGTON – US authorities on Thursday warned makers of medical devices and hospital networks to step up efforts to guard against potential cyber attacks.

The US Food and Drug Administration said implanted devices, which could include pacemakers or defibrillators, could be connected to networks that are vulnerable to hackers.

WASHINGTON – US authorities on Thursday warned makers of medical devices and hospital networks to step up efforts to guard against potential cyber attacks.

The US Food and Drug Administration said implanted devices, which could include pacemakers or defibrillators, could be connected to networks that are vulnerable to hackers.

An FDA warning notice was sent to medical device manufacturers, hospitals, medical device user facilities, health care technical staff and biomedical engineers.

Medical Device Security

It said the agency has recently “become aware of cybersecurity vulnerabilities and incidents that could directly impact medical devices or hospital network operations.”

“The FDA is recommending that medical device manufacturers and health care facilities take steps to assure that appropriate safeguards are in place to reduce the risk of failure due to cyberattack,” the warning said.

These devices or systems could be compromised “by the introduction of malware into the medical equipment or unauthorized access to configuration settings in medical devices and hospital networks,” the FDA said.

“This may sound like it is out of a science fiction movie, but the threat is conceivably a serious one,” said Jon Ogg at 24/7 Wall Street.

“Can you imagine a device being retooled maliciously, like an inserted pacemaker/defibrillator? Or imagine if a robotic surgery system was maliciously recalibrated in even a slight manner for surgeries.

Advertisement. Scroll to continue reading.

“The list of threats is endless.”

The FDA said it was “not aware of any patient injuries or deaths associated with these incidents” nor does it have any specific information on targeted devices.

The FDA said it had been working with other federal agencies as well as manufacturers, which it said are “responsible for remaining vigilant about identifying risks and hazards associated with their medical devices.”

Among the measures that should be taken, the FDA said, are limiting unauthorized device access, “particularly for those devices that are life-sustaining or could be directly connected to hospital networks.”

Related Reading: Securing Medical Devices From Attacks

Related ReadingHacking The Human Body SCADA System

Related Reading: Lawmakers Say FDA Needs to Consider Security for Medical Devices

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Check Point Software has appointed Nadav Zafrir as Chief Executive Officer

BlackFog has named Brenda Robb as President, John Sarantakes as CRO, and Mark Griffith as VP of Strategic Sales

Former NSA cybersecurity chief Rob Joyce has joined Sandfly Security's Advisory Board.

More People On The Move

Expert Insights