• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

  • Latest News
    • Cardiovascular
    • Orthopedics
  • Wall Street Beat
    • Funding Roundup
    • Mergers & Acquisitions
  • Podcasts
    • MPR: Breakthrough Products Series
  • Resources
    • About MassDevice
    • Newsletter Signup
    • Job Board
    • Leadership in Medtech
    • Manufacturer Search
    • MedTech 100 Index
    • Videos
    • Whitepapers
  • DeviceTalks Tuesdays
    • DeviceTalks
  • Coronavirus: Live updates
Home » FBI: Medical devices unprepared for new era of cyber attacks

FBI: Medical devices unprepared for new era of cyber attacks

April 26, 2014 By Arezu Sarvestani

Medical devices are unprepared for increasing cyber-attacks, FBI says

Medical devices and other hospital and healthcare systems need some serious security upgrades to weather the coming onslaught of malicious hacking, according to the FBI’s Cyber Division.

With an impending deadline to shift to electronic medical records, which fetch a high price on the black market, healthcare systems are an increasingly alluring target for cyber-criminals.

"The deadline to transition to EHR is January 2015, which will create an influx of new EHR coupled with more medical devices being connected to the internet, generating a rich new environment for cyber criminals to exploit," according to an unclassified FBI report. "The health care industry is not technically prepared to combat against cyber criminals’ basic cyber intrusion tactics, techniques and procedures, much less against more advanced persistent threats."

No targeted medical device hacks have been reported outside of research settings, but security analysts have found that many U.S. hospitals and their medical devices have been infiltrated by malware. Many systems remain infected as hacks go undetected, according to a report released earlier this year by Norse.

Medical devices such as radiology imaging software and X-ray machines are vulnerable to attack even if they don’t contain sensitive patient information. The vast majority of networked medical devices in hospitals today have minimal security protections, and "once medical devices are compromised, malicious traffic is transmitted through VPNs and firewalls" to other systems, the FBI said.

Perhaps the biggest vulnerability is healthcare IT officials’ belief that their systems are secure enough already.

"The health care industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely," according to the federal memo.

Healthcare industry security reports released over the last year put the black market value of a partial electronic health record at $50 apiece, compared with $1 for a stolen credit card or social security number. Criminals can use EHR data to file fake insurance claims, get prescription drugs and "advance identity theft," and EHR fraud takes nearly twice as long to detect than normal identity theft.

Financial gains aren’t the only reasons that attackers may target healthcare systems. The infamous and inscrutable hacker group Anonymous made recent threats against Boston Children’s Hospital, calling on internet activists to bombard the hospital’s website with a flood of traffic to disrupt its online services. The group is demanding that BCH fire one of its doctors over the controversial detainment of a pediatric patient made ward of the state.

Cyber-attacks that attempt to overload servers with a flood of requests, sometimes called "denial of service" or DoS attacks, aim to disrupt an organization’s workflow by wiping out access to cloud-based tools and resources. Programmers can insulate their systems from such attacks by ensuring that servers and devices aren’t permanently knocked out after being bombarded, but recent testing has shown that many medical devices lack such protections.

Researchers at SecureState reported last year that their penetration testing found that devices such as IV pumps and X-ray machines are vulnerable to the fairly rudimentary form of attack. Earlier last year a pair of security researchers used a DoS hack to demonstrate that a Philips (NYSE:PHG) Xper hospital management system could be infiltrated and "owned" fairly easily.

Researcher and expert medical device hacker Florian Grunow told an audience at the European DeepSec conference last year that medtech vendors simply aren’t interested in security until they’ve been hacked or experienced some other digital dilemma that forces their hands.

Not many device makers have spoken openly about their interest (or lack thereof) in digital defenses, but industry titan Medtronic (NYSE:MDT) has said on more than one occasion that  medtech cybersecurity is a "high priority" for the company. Medtronic later reiterated its commitment in a manifesto on cybersecurity, promising to keep a close eye on its devices and take action on any new vulnerabilities it discovers.

Filed Under: News Well Tagged With: Cybersecurity, Federal Bureau of Investigation (FBI)

In case you missed it

  • Leading Medical UX Trends
  • Ex-Acclarent execs fined $1.5M in off-label marketing case
  • CDER head Woodcock to lead FDA for now
  • Prosecutors want to present evidence of Elizabeth Holmes’ quest for wealth and fame
  • TransEnterix raises more than $31M in stock offering
  • Boston Scientific launches WaveWriter Alpha spinal cord stim
  • What’s next for the FDA and for Stephen Hahn?
  • Apple magnetic charger, smartwatch may deactivate Medtronic ICD
  • Medicare to cover breakthrough devices
  • FDA debuts plan for AI-based Software as a Medical Device
  • EU allows remote audits for medical devices during pandemic
  • Smith+Nephew sees Movemedical automating inventory for its sales people
  • BD stock up on Street-beating preliminary quarterly revenue numbers
  • Boston Scientific’s preliminary Q4 results show 6.8% revenue decline
  • BREAKING: Steris to acquire Cantel Medical in $4.6B deal
  • FDA grants EUA for RapCov rapid COVID-19 antibody test
  • Former Corindus CEO Toland joins robotic `micro’ surgical startup

RSS From Medical Design & Outsourcing

  • Reflow Medical launches low-profile reinforced support catheters
    Reflow Medical today announced it has launched its Reflow Spex Low Profile reinforced support catheters. The Spex LP catheters are designed to provide the lowest profile tip to access and cross the tightest and most complex lesions with a supportive system. They come in 0.014 in. and 0.018 in. sizes and can be combined with… […]
  • CDER head Woodcock to lead FDA for now
    FDA veteran Dr. Janet Woodcock has been tapped as interim FDA commissioner by the Biden administration, according to published reports. An article by BioCentury also said that former FDA commissioner David Kessler, who had been mentioned as a possible replacement for current commissioner Stephen Hahn, will be a consultant to the agency but will not… […]
  • What’s next for the FDA and for Stephen Hahn?
    Outgoing FDA commissioner Stephen Hahn says he needs some time to reflect on his future after leading the FDA for a little over a year. It’s hard to blame him. Hahn’s brief tenure at FDA has been rocky, to say the least. (News of his temporary replacement broke on Thursday, when the incoming Biden administration… […]
  • Medicare to cover breakthrough devices
    FDA-designated breakthrough devices will have Medicare coverage the same day they are approved, under a final rule issued this week by the Centers for Medicare and Medicaid Services (CMS). The Medicare Coverage of Innovative Technology (MCIT) rule will provide national Medicare coverage as early as the same day as FDA market authorization for breakthrough devices… […]
  • FDA debuts plan for AI-based Software as a Medical Device
    The FDA today released its first plan to regulate artificial intelligence/machine learning (AI/ML)-based Software as a Medical Device (SaMD). The plan is a response to feedback received from the agency’s April 2019 discussion paper, “Proposed Regulatory Framework for Modifications to Artificial Intelligence/Machine Learning-Based Software as a Medical Device.” It outlines five actions that the FDA… […]
  • EU allows remote audits for medical devices during pandemic
    The European Union has announced that it will temporarily allow remote audits of medical devices and in vitro diagnostics under the new regulations (MDR IVDR), set to go into effect on May 2021 and 2022 respectively. In a document published Monday, the European Commission agreed with industry and notified bodies that the ongoing COVID-19 pandemic… […]
  • Apple magnetic charger, smartwatch may deactivate Medtronic ICD
    A new study in the Heart Rhythm Journal showed a magnetic charger for the iPhone 12 was able to deactivate a Medtronic implantable cardioverter defibrillator (ICD). The iPhone 12 has a circular array of magnets deployed around a central charging coil, making it compatible with the company’s wireless “MagSafe” accessories, according to the study published… […]
  • BREAKING: Steris to acquire Cantel Medical in $4.6B deal
    Steris (NYSE:STE) announced today that it will acquire Cantel Medical (NYSE:CMD) for $4.6 billion — a major merger in the infection prevention space. The deal is expected to close by June 30, pending customary closing conditions, regulatory approvals and an OK by Cantel shareholders. News of the merger comes a month and a half after Steris closed… […]
  • How Abbott stayed two steps ahead of COVID-19
    Developing a fast COVID-19 that resembled a pregnancy test and building two factories to boost productions — those were but two of the quick-thinking actions that Abbott (NYSE:ABT) officials took in the early months of a deadly coronavirus pandemic. Abbott began tracking the virus in China at the end of 2019 and into early 2020. By February,… […]
  • BREAKING: Big medtech suspends political contributions in wake of Electoral College vote
    Just as they lined up to condemn last week’s attack on the U.S. Capitol, major medtech companies are suspending political contributions because of 147 federal lawmakers’ refusal to acknowledge the Electoral College win by President-elect Joe Biden and Vice President-elect Kamala Harris. Boston Scientific announced on Sunday that it has chosen to temporarily suspend its… […]
  • Neurofeedback could help prostheses feel lighter: Here’s how
    Researchers at ETH Zurich have developed a prosthesis system that connects to the body’s nervous system to help amputees perceive a prosthetic weight as lower. The prosthesis system provides feedback to the wearer using electrodes implanted in the thigh that are connected to the leg nerves. Information from the tactile sensors under the sole of… […]

Leave a Reply Cancel reply

You must be logged in to post a comment.

Primary Sidebar

MEDTECH 100 INDEX

Medtech 100 logo
Market Summary > Current Price
The MedTech 100 is a financial index calculated using the BIG100 companies covered in Medical Design and Outsourcing.
Need Medtech news in a minute?
We Deliver!

MassDevice Enewsletters get you caught up on all the mission critical news you need in med tech. Sign up today.

Tweets by @MassDevice
MDO ad

Footer

MASSDEVICE MEDICAL NETWORK

DeviceTalks
Drug Delivery Business News
Medical Design & Outsourcing
Medical Tubing + Extrusion

MASSDEVICE

Subscribe to MassDevice
Advertise with us
About
Contact us

Add us on Facebook Follow us on Twitter Connect with us on LinkedIn Follow us on YouTube

Copyright © 2021 · WTWH Media LLC and its licensors. All rights reserved.
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media.

Advertise | Privacy Policy | RSS