IEEE Spectrum has a story on medical device security, which follows a report from Reuters that the U.S. Department of Homeland Security is investigating possible security flaws in medical devices and hospital equipment.
From Reuters:
The products under review by the agency's Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, include an infusion pump from Hospira Inc and implantable heart devices from Medtronic Inc and St Jude Medical Inc, according to other people familiar with the cases, who asked not to be identified because the probes are confidential.
According to Spectrum, the ICS-CERT team:
wants to help manufacturers fix software bugs and other vulnerabilities that could be exploited by hackers; agency sources emphasized that the companies did not do anything wrong.
The Spectrum article also references the 2011 case of remotely hacking an insulin pump, demonstrated by Jerome Radcliffe.
(Score: 0) by Anonymous Coward on Tuesday October 28 2014, @07:06PM
The Department of Homeland Security?? Why not refuse to certify life-and-death devices whose security is unacceptable, and prosecute anyone who runs uncertified medical equipment? Why all the complexity and bureaucracy?
(Score: 2) by Sir Garlon on Tuesday October 28 2014, @08:38PM
It's the Food and Drug Administration (FDA) that certifies medical devices, and a few weeks ago the FDA issued completely toothless, voluntary recommendations [fda.gov] for medical device security. Since the FDA is not taking device security seriously (because it's been captured by industry lobbyists), DHS feels the need to step in.
[Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
(Score: 0) by Anonymous Coward on Wednesday October 29 2014, @01:14PM
The DHS should stop doing the FDA's job then. They're wasting taxpayer money. They should shout loud and clear lives are at risk because the FDA refuses to do its job, and their manager (the President, ultimately) should resolve the conflict by ensuring one agency isn't doing another agency's job, and that if an agency is not doing their own job, heads roll. What the DHS is doing is just making matters worse.