Healthcare News & Insights

Warning: Medical devices can be hacked, group says

Portable computing devices have gotten a lot attention for their potential to expose sensitive medical information. But many medical devices themselves may also be vulnerable to cybersecurity attacks. 

That’s what was recently warned by the Information Security and Privacy Advisory Board, which advises the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB).

In a letter to the OMB, the board called on the government to take more responsibility for protecting medical devices from hackers.

Increasingly, those devices are controlled by software that faces the Internet — and therefore, they’re vulnerable to cyberattacks just like any other computing device. Examples of vulnerable devices range from desktop computers that control radiological imaging to custom software that controls pacemakers, according to the letter.

Increased connectivity means a greater chance that those tools can be infected with malware or otherwise compromised by hackers. In fact, from 2009 to 2011, the Department of Veterans Affairs identified 173 medical devices that had been infected with malware. The infections led to problems within VA hospitals, such as sleep labs being shut down and glucose monitors being disrupted.

Despite the risks, the Information Security and Privacy Advisory Board points out that no government body is charged with protecting medical devices from cyberattacks. The letter recommends assigning responsibility to the FDA or another federal agency to be in charge of medical device security.

As for healthcare organizations, the Information Security and Privacy Advisory Board says providers could use more education about security threats associated with those networked devices.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.

css.php