FDA Warns Medical Devices May Be Vulnerable To Cyber Attacks; Researchers Gained Access Using Default Passwords To Over 300 Medical Devices

BY Staff Reporter Jun 14, 2013 01:54 PM EDT

The FDA is warning about security threats on medical devices. Many types of medical equipment may be vulnerable to remote attacks from hackers, they said.

On Thursday, the U.S. Food and Drug Administration and the Department of Homeland Security both issued warnings about the issue. The FDA is calling for medical device makers and medical facilities to upgrade and tighten security protections on medical devices.

"Over the past year, we've become increasingly aware of cyber security vulnerabilities in incidents that have been reported to us. Hundreds of medical devices have been affected, involving dozens of manufacturers," William Maisel, who is the deputy director for science at the FDA's Center for Devices and Radiological Health, said to press.

The infections largely were unintentional. They often happened due to viruses and malware in hospital computer networks jumping onto the medical devices.

The Department of Homeland Security issued an alert in response to a firm who has identified over 300 pieces of medical equipment that is currently vulnerable to attack.

The devices can be controlled using default passwords that can be obtained very easily. Knowing the passwords would give complete control of the devices to hackers, who can often gain access to them remotely.

A team from Cylance Inc, headed by Billy Rios and Terry McCorkle, conducted the research.

"Somebody could take over the device and make it do whatever they want it to do and it would be almost impossible for hospital staff to know that it had been tampered with," Rios said.

The security analysts at Cylance were curious about how easy it would be to hack into medical devices used in hospitals. They figured out hundreds of passwords for a variety of devices, from patient monitors to surgical devices to lab analysis tools.

"We stopped after we got to 300," Rios said.

While the FDA isn't aware of any injuries or deaths from devices infected by malware or viruses, the vulnerability exists and could pose serious problems. They recommend that all manufacturers tighten their standards and "review their cybersecurity practices and policies to assure that appropriate safeguards are in place to prevent unauthorized access or modification to their medical devices or compromise of the security of the hospital network that may be connected to the device," the statement read.

"Cybersecurity incidents are increasingly likely," the FDA said, "and manufacturers should consider incident response plans that address the possibility of degraded operation and efficient restoration and recovery."

FDA Warns Medical Devices May Be Vulnerable To Cyber Attacks; Researchers Gained Access Using Default Passwords To Over 300 Medical Devices

Featured

Jeon Somi Net Worth 2024: How Much Has The Soloist & Ex-IOI Member Made So Far?

Where Is EL7Z UP Now? 'Queendom Puzzle' Global Project Group's Current Updates After Debuting With 'CHEEKY'

TWICE Sana Net Worth 2024: How Wealthy Is Group's Adorable 'Shiba Inu' So Far?

H1-KEY Goes 'Deeper' on Idol Recording Process & More in Media Roundtable

Most Popular

EXO Chanyeol Dresses Up As Satoru Gojo—And Yes, We're Cryin'!

NewJeans' Album Production Halted According to Min Hee Jin: 'This Is Part of HYBE's Interference...'

Where Is Hanni? Reason Member Is 'Missing' in NewJeans's Recent Photos

Taeyeon to Quit As Singer? SNSD Leader Unexpectedly Discovers New Special Skill

aespa Giselle Debuts Pink Hair and Fans Are in Frenzy: ‘This Is Prettiest Her I’ve Ever Seen’