Our Clean Sweep Live Auction is coming up fast! Next Tuesday, September 26th at 9:30AM EST

DOTmed Home MRI Oncology Ultrasound Molecular Imaging X-Ray Cardiology Health IT Business Affairs
News Home Parts & Service Operating Room CT Women's Health Proton Therapy Endoscopy HTMs Mobile Imaging
Current Location:
> This Story

Log in or Register to rate this News Story
Forward Printable StoryPrint Comment


More Industry Headlines

New study pinpoints most effective infection control practices Maintain a sterile operating field and track outcomes

Cardiologist salaries are on the rise in the U.S., survey finds Growing faster on the private side

International Atomic Energy Agency in partnership to get new Varian linac Will help the agency answer requests for standards and guidance

PET imaging used for the first time to evaluate Zika virus in mouse model May aid in development of therapeutic agents

Children undergoing CT scans for head injuries at risk for radiation overexposure Roughly half of kids visiting ER receive scans

Radiology Partners to acquire Southwest Diagnostic Imaging Joining with SDI 'represents about a 25 percent increase' in RP's size

Study finds MR detects 98 percent of pregnancy-related breast cancers May also inform surgical management of disease

NuVasive releases LessRay software technology system in the U.S. Allows for lower dose while still retaining high image quality

FDA gives nod to Hitachi’s Supria True64 CT System Economy compact model system that consists of a premium image quality chain

Mevion submits MEVION S250i for premarket approval Features improved pencil-beam scanning

Kevin Fu,
head of the Archimedes Center
for Medical Device Security
at the University of Michigan

Medical devices riddled with security vulnerabilities

by Carol Ko , Staff Writer
An uptick in cybercrimes has spurred the U.S. Food and Drug Administration to put the medical device industry on notice.

Medical devices that fail to satisfy the agency's newly drafted cybersecurity guidelines may soon be blocked from approval once the guidelines are finalized later in the year, according to the agency.

Story Continues Below Advertisement

Streamline Your Radiology Workflow with RamSoft's PowerServer RIS/PACS

The PowerServer RIS/PACS is a single database application, essential to reducing redundant work, limiting manual data entry, and increasing consistency throughout healthcare practices. Click to learn how it will help you improve patient care and more.

If finalized, this directive may have far-reaching consequences for medical manufacturers and how they design their products in the future.

Health IT experts say it's about time. Years ago in a laboratory experiment, Kevin Fu, head of the Archimedes Center for Medical Device Security at the University of Michigan, demonstrated how he could hack into a combination heart defibrillator and pacemaker to induce potentially fatal electric jolts.

There's no need to panic just yet — such a threat is currently only theoretical. But experts say these vulnerabilities demonstrate how far behind the medical industry is on cybersecurity measures that have long been standard in the consumer electronic space.

DOTmed Business News tracked Fu down so we could get his thoughts on the FDA directive, potential worst-case scenarios, device security, and projections for the future.

DMBN: First off, I know it's difficult to quantify the number of security breaches that happen, but can you point to any source that says these incidents are increasing?

KF: I was one of the first people to submit a report through the Medwatch 3500 process on an AED external defibrillator — it was the only one they received that year. Now I'm told they're receiving reports a couple of times a month.

And just recently there was just one person who discovered they were able to obtain the administrative passwords of over 50 medical devices, giving them complete control over each device including its function, its software and its behavior.

DMBN: What sort of cyber attacks have happened in the past?

KF: All the incidents I'm aware of are malware that accidentally get into a medical device. For instance, in my lab we have a pharmaceutical compounder, a device that creates nutrients taken intravenously. And it happens to run Windows XP, a piece of software that is ten years old and riddled with security vulnerabilities, yet it's still being deployed. Think of our outdated home PC software that got hit with malware — we've probably replaced them ten years ago. But guess what? They're still in hospitals.

DMBN: Do you think malware will eventually evolve to intentionally target medical devices?
  Pages: 1 - 2 - 3 - 4 >>


You Must Be Logged In To Post A Comment

Increase Your
Brand Awareness
Auctions + Private Sales
Get The
Best Price
Buy Equipment/Parts
Find The
Lowest Price
Daily News
Read The
Latest News
Browse All
DOTmed Users
Ethics on DOTmed
View Our
Ethics Program
Gold Parts Vendor Program
Receive PH
Gold Service Dealer Program
Receive RFP/PS
Healthcare Providers
See all
HCP Tools
A Job
Parts Hunter +EasyPay
Get Parts
Recently Certified
View Recently
Certified Users
Recently Rated
View Recently
Certified Users
Rental Central
Rent Equipment
For Less
Sell Equipment/Parts
Get The
Most Money
Service Technicians Forum
Find Help
And Advice
Simple RFP
Get Equipment
Virtual Trade Show
Find Service
For Equipment
Access and use of this site is subject to the terms and conditions of our LEGAL NOTICE & PRIVACY NOTICE
Property of and Proprietary to DOTmed.com, Inc. Copyright ©2001-2017 DOTmed.com, Inc.