segunda-feira, 27 de outubro de 2014

Feds Examining Medical Devices for Fatal Cybersecurity Flaws

It was an Eerie Tale. Former US Vice President, Dick Cheney, Announced Last Year that, he Disabled the Wireless Function of the Implanted Heart Defibrillator amid Fears it Could be Exploited by Terrorists Wanting to Kill him. Cheney's Announcement Put a Face to the Fear of Possible Medical-Device Hacking Exploits and Researchers and the Federal Government were Slowly Realizing there were Genuine Vulnerabilities Associated with these Implanted Devices. They are Equipped with Computerized Functions and Wireless Capabilities that Allow the Devices to be Administered without Requiring Additional Surgery and therefore, they Could be Vulnerable to Hacker Exploit. Cheney's Move May Have Seemed Far-Fetched but, his Paranoia is Being Confirmed, as the Department of Homeland Security is Now Probing Potential Cybersecurity Flaws in Certain Medical Devices.


"The Department of Homeland Security’s (DHS) Industrial Control Systems-Cyber Emergency Response Team (ICS-CERT) works directly with the Food and Drug Administration (FDA) and medical devices manufacturers, health care professionals and facilities to investigate and address cyber vulnerabilities. DHS actively collaborates with public and private sector partners every day to identify and reduce adverse impacts on the nation’s critical cyber systems", DHS Spokesman, S.Y. Lee, Wrote Thursday to »XoZeN«. Reuters Said, the Authorities were Eyeing a Hospira Drug Infusion Pump and Implantable Heart Devices Made by Medtronic and Jude Medical. Lee Declined to Confirm any Specific Companies or Devices. Hospira Spokeswoman, Tareta Adams, Offered a Statement. "Hospira has implemented software adjustments, distributed customer communications and made a commitment to evaluate other changes going forward, while ensuring we are not adversely impacting the ability of our devices to meet hospital and patient needs and maintain compliance with FDA product requirements." The 2 Other Companies did not Immediately Comment. Without Naming Companies, the Industrial Control Systems-Cyber Emergency Response Team Announced in 2013 that, a Vast Array of Heart Defibrillators, Drug Infusion Pumps and Other Medical Devices Contain Backdoors that Make them Vulnerable to Potentially Life-Threatening Hacks.


The Devices, which also include Ventilators, Patient Monitors and Surgical and Anesthesia Devices, Contain Hard-Coded Password Vulnerabilities, according to an Agency Advisory. The Advisory Said, Some 300 Medical Devices were Affected from 40 Vendors. "The affected devices have hard-coded passwords that can be used to permit privileged access to devices such as passwords that would normally be used only by a service technician. In some devices, this access could allow critical settings or the device firmware to be modified", according to the Advisory. There are No Known Instances of these Hacks being Carried Out in the Wild. But, the Fear is that, the Devices Could be Controlled Remotely, Overdose Patients, or Send a Heart-Device Implant into Overdrive.




Info Sources:

http://www.reuters.com/article/2014/10/22/us-cybersecurity-medicaldevices-insight-idUSKCN0IB0DQ20141022

http://www.hospira.com

http://www.medtronic.com

http://www.sjm.com/corporate.aspx

https://ics-cert.us-cert.gov/alerts/ICS-ALERT-13-164-01



0 comentários:

Enviar um comentário