Networked medical devices can be put to death
Network security researchers have warned that both cars and rifles are at risk of being hijacked by hackers. Now, federal regulators are warning about a pump-type device used to deliver drugs, because the device may also be hacked.
Computer applications can make medical devices more accurate, however, like other software, they may have loopholes in programming. When a savvy hacker succeeds in hacking medical equipment such as pacemakers, insulin pumps, etc., the damage he can do is much more serious than blacking out a cell phone or computer.
Over the years, the government has been warning about the cyber risks associated with the networking of medical devices. On Friday, US regulators said a pump-based device that delivers drugs to patients (Symbiq infusion system, manufactured by medical device manufacturer Hospira) is at risk of being invaded by hospitals outside the hospital network. "Unauthorized users can manipulate the device to change the dose of the drug delivered after the invasion is successful, leading to a bias in the amount of drug used during treatment," the Food and Drug Administration wrote in an online publication.
Experts believe this is a potentially fatal flaw. Billy Rios worked as a software engineer at Google and is now a security consultant. He was authorized by the Department of Homeland Security to investigate vulnerabilities in pump-type devices produced by Hospira. "There is no doubt that such a vulnerability can be put to death once it is exploited. This guess has been confirmed from a procedure we wrote for the vulnerability. We have submitted the study to the Department of Homeland Security and Food and Drug Administration. In the hands of the bureau," Billy said.
US Food and Drug Administration tightens medical device standards due to cybersecurity issues
In 2011, Jay Radcliffe succeeded in blacking out a computerized insulin pump through a wireless network. According to him, the hidden dangers of cybersecurity are more terrible than the hidden dangers of medical devices themselves. "These devices are connected to the hospital's network - as long as there are loopholes in the hospital's network, hackers will have the opportunity to invade and gain control of these devices."
The US Food and Drug Administration strongly recommends that medical institutions stop using the pump. According to the Food and Drug Administration's investigation, Hospira itself and its agents are unaware of the vulnerabilities that are implicit in this product. According to a notice published on the official website, the company decided to stop producing the pump for strategic reasons, and the company is now withdrawing the product from the market.
"After learning about this product's flaws, we will follow up with customers on network security, software and hardware updates and enhancements," Hospira said.
The US Food and Drug Administration has previously mentioned the security vulnerabilities implied by Hospira's other drug pump products. Rios is dissatisfied with the company's response to the vulnerability. He believes that the company has not proposed a solution for the products in use on the market, but simply urges the medical institutions to purchase the latest models for replacement.
"In order to better reflect the company's emphasis on cybersecurity issues, we have designed a new infusion system that includes a stronger network security module." The company's statement on the vulnerability of the Symbiq infusion system Said up.
According to experts, such problems do not only occur on Hospira's products. "What we need to do now is to give all companies a clear understanding: if the equipment you produce is computerized, then you have to be ready to patch them and provide updates." Radcliffe Said.
Yes, the terrorists had a chance to black out the heart of Dick Cheney.
According to Radcliffe, many medical device manufacturers have a technical response process for vulnerability feedback reports, but when they just received feedback from independent security researchers, they often suspected they were being subjected to extortion from cybercriminals. .
Radcliffe said that he has not heard of cases of harm to patients due to cybersecurity problems in medical devices. However, even if such damage occurs, we are hard to detect. "Patients who need such medical devices are already very weak, so even if the patient dies, no one will think about checking the device for human factors," Radcliffe said.
Experts believe that it is very difficult to investigate such deaths from a technical point of view. "The current ability to collect evidence for such devices is still very low, and it is difficult to define whether these devices have been attacked," Rios said.
In 2015, we have entered the enthusiasm of medical network risk; in the future, the risk exposure will become bigger and bigger.
A hacked medical device, even if it doesn't directly harm the patient, has another problem: a security company called TrapX released a report in May saying it found hackers using X-ray scanning. Medical devices such as instruments are used as tools to invade other parts of the hospital network, in which case patient information may be leaked.
Infertility Ingredients,Organic Dodder Seed Extract,Natural Organic Dodder Seed Extract,Herbal Extract Chinese Dodder Seed Extract
Xi'an XJeson Biotech Co., Ltd , https://www.xjesonbio.com