According to MIT Technology Review’s David Talbot, partipants in a recent National Institute of Standards and Technology (NIST) panel discussion warned that computerized hospital equipment is “increasingly vulnerable to malware infections.”
“In an August report, the Government Accountability Office warned that computerized medical devices could be vulnerable to hacking and asked the FDA to address the issue,” writes FierceHealthIT’s Susan D. Hall. “That warning was focused on implanted defibrillators and insulin pumps, though those problems represent ‘a drop in the bucket’ to the thousands of other network-connected devices that are vulnerable, according to Kevin Fu, a leading expert on medical-device security and a computer scientist at the University of Michigan and the University of Massachusetts, Amherst.”
“Mark Olson, the chief information security officer at Boston’s Beth Israel Deaconess Medical Center, told attendees that malware had infected fetal monitors in his hospital’s high-risk pregnancy ward, to the point where they were so slow they couldn’t properly record data,” writes Ars Technica’s Sean Gallagher. “‘Fortunately, we have a fallback model,’ Olson said. ‘They are in an (intensive care) unit — there’s someone physically there to watch. But if they are stepping away to another patient, there is a window of time for things to go in the wrong direction.'”
“The problem is made worse by the fact that most of the medical equipment is hooked up to systems running old versions of Windows that the hospitals aren’t allowed to modify or upgrade,” writes Forbes’ Adrian Kingsley-Hughes. “Even adding antivirus protection is forbidden as it could breach U.S. Food and Drug Administration regulations. The problem is so bad that systems have to be taken offline regularly — sometimes as often as weekly — to remove the malware.”
“There are also fears, the panel agreed, that medical devices could even end up being part of botnets — large networks of hijacked computers that are often used to send out spam email,” writes BBC News’ Dave Lee. “Medical devices could be struck down by slow performance related to being infected, Mr. Fu told the BBC. ‘Imagine you have a heart monitor that’s running Windows and it gets infected by a computer virus and slows down. This mere slowing down of the computer could cause the device to miss a sensor reading. It certainly raises an eyebrow. Who’s watching out for that?'”
“It looks like Kaspersky Lab may have found a new target market for its ultra-secure industrial operating system,” suggests Betabeat’s Steve Huff.