Participants in a recent government panel warn that computerized medical devices are increasingly susceptible to hacking, including infections by computer viruses.
According to a story in MIT’s Technology Review, the malware infections can clog patient-monitoring equipment and other software systems, at times rendering the devices temporarily inoperable.
The report quotes Kevin Fu, a leading expert on medical-device security and a computer scientist at the University of Michigan and the University of Massachusetts, Amherst, as saying: “I find this mind-boggling. Conventional malware is rampant in hospitals because of medical devices using unpatched operating systems. There’s little recourse for hospitals when a manufacturer refuses to allow OS updates or security patches.”
A story on the issue in Forbes says that in September, the Government Accountability Office issued a report which warned that computerized implanted defibrillators and insulin pumps could be vulnerable to hacking, and pose a safety threat. Although the GAO asked the U.S. Food and Drug Administration to address the issue, nothing has yet been done.
This is occurring at a time when the FDA is under increasing pressure to provide stricter safety controls on medical devices.
Under the FDA’s 510(k) loophole, medical devices can go on the market without clinical testing in humans. Two devices alone that were approved under that process have generated thousands of reports of early failure, and injury for their recipients.
The DePuy hip was recalled after studies indicated that nearly half of the devices had to be replaced within six years, and numerous reports surfaced of toxic metal debris breaking off and getting into patients’ soft tissues.
And transvaginal mesh implants, used to treat pelvic organ prolapse and urinary incontinence, have been the subject of an FDA public health warning following widespread complaints that they’re prone to eroding in patients’ bodies. Resultant health problems include chronic pain, infection and organ perforation.
According to Technology Review, the problem is due in part to the fact that software-controlled medical equipment has become increasingly interconnected in recent years. Many systems run on variants of Windows, which is a common target for hackers.
The medical devices are usually connected to an internal network that is itself connected to the Internet, and are also vulnerable to infections from laptops or other device brought into hospitals. Aggravating the problem is the fact that manufacturers often will not allow their equipment to be modified, even for the addition of security features.
You should consult with a doctor if you have any ongoing symptoms or health concerns from a DePuy hip or transvaginal mesh implant. If you have significant injuries, you should also consult with a DePuy hip or transvaginal mesh lawyer to discuss your legal rights.
See the Forbes story here:
See the Technology Review story here:
https://www.govinfosecurity.com/fda-tackling-medical-device-security-a-5210
