FDA: Pacemakers, Insulin Pumps Could Be Hacking Targets
Cyberattackers could take control of a medical device and cause it not to work properly or at all
TUESDAY, Oct. 1, 2019 (HealthDay News) -- Medical devices that can connect to the internet might be at risk for hacking, the U.S. Food and Drug Administration warned Tuesday.
This warning concerns several operating systems that could affect medical devices connected to a network, like Wi-Fi and public or home internet, and equipment such as routers, phones, and other communications gear, the agency said. It is possible that an attacker could exploit these vulnerabilities and take control of a medical device, change its function, cause denial of service, or cause information leaks. Logical flaws can also be introduced that could cause the device not to work properly or at all. However, so far, the FDA has not received any report of a device being hacked.
"While we are not aware of patients who may have been harmed by this particular cybersecurity vulnerability, the risk of patient harm if such a vulnerability were left unaddressed could be significant," Suzanne Schwartz, M.D., M.B.A., deputy director of the Office of Strategic Partnerships and Technology Innovation in the FDA Center for Devices and Radiological Health, said in a statement. "The safety communication issued today contains recommendations for what actions patients, health care providers, and manufacturers should take to reduce the risk this vulnerability could pose. It's important for manufacturers to be aware that the nature of these vulnerabilities allows the attack to occur undetected and without user interaction."
These vulnerabilities are in software called IPnet that computers use to communicate over networks. Systems that include IPnet are: VxWorks (by Wind River), Operating System Embedded (OSE; by ENEA), INTEGRITY (by Green Hills), ThreadX (by Microsoft), ITRON (by TRON), and ZebOS (by IP Infusion).
The FDA is working with manufacturers to identify products that could be vulnerable and to develop plans to thwart any potential breaches.