June 13, 2013 – The U.S. Food and
Drug Administration (FDA) issued a cybersecuritynotice
for medical devices and hospital networks recommending
that medical device manufacturers and health care facilities take steps to
assure safeguards are in place to reduce the risk of cyberattacks.
According to the FDA, these
attacks could be initiated by the introduction of malware into the medical
equipment or unauthorized access to configuration settings in medical devices
and hospital networks. There are current reports that computer
viruses and other malware are infecting equipment, such as hospital computers
used to view X-rays and CT scans as well as devices in cardiac catheterization
devices contain configurable embedded computer systems that can be vulnerable
to cybersecurity breaches. The risk is heightened by the fact that medical
devices are increasingly interconnected, via the Internet, hospital networks,
other medical devices, and smartphones.
recommends that health care facilities evaluate their network security and protect
their hospital system. These steps
Restricting unauthorized access to the network and networked medical devices.
network activity for unauthorized use.
individual network components through routine and periodic evaluation,
including updating security patches and disabling all unnecessary ports and
Contacting the specific device manufacturer if you think you may have a
cybersecurity problem related to a medical device. If you are unable to
determine the manufacturer or cannot contact the manufacturer, the FDA and DHS
ICS-CERT may be able to assist in vulnerability reporting and resolution.
and evaluating strategies to maintain critical functionality during adverse
expects medical device manufacturers to take appropriate steps
to limit the opportunities for unauthorized access to medical devices and
review their policies to prevent unauthorized access or modification to their
medical devices or compromise of the security of the hospital network that may
be connected to the device.
information: www.fda.gov and www.appliedradiology.com