DHS to investigate med devices, hospital equipment for cybersecurity issues

Medical devices and hospital equipment are under investigation by the U.S. Department of Homeland Security after suspected cybersecurity flaws that could allow the tools to be hacked, according to a Reuters article.

The products--which include an infusion pump from Hospira Inc. and implantable heart devices from Medtronic Inc. and St Jude Medical Inc.--are under review by DHS' Industrial Control Systems Cyber Emergency Response Team, according to the article.

However, no instances of hackers attacking patients through the devices are known, according to sources cited in the article. Still, DHS has concerns that the tools could be activated remotely, and is working with manufacturers to identify and repair software bugs and vulnerabilities.

The companies impacted declined to comment on the DHS investigations, according to Reuters, but said they have made changes to improve product safety.

This news comes on the heels of a public meeting earlier this week of government agencies and healthcare leaders to address cybersecurity of medical devices, whose attendees included the U.S. Food and Drug Administration, DHS and the U.S. Department of Health and Human Services.

The FDA recently released guidelines for manufacturers and healthcare providers to better secure medical devices. In the guidance, the agency called for device makers to account for cybersecurity risks during design and creation, and to submit documentation on any risks identified and controls developed to lessen such risks.

However, the FDA also is dealing with its own security fallout after a test of its computer network by HHS' Inspector General uncovered several vulnerabilities.

The report identified five problems with the network, including inadequate Web page input validation, external systems that don't enforce account lockout and a lack of assessments performed on external servers.

To learn more:
- read the Reuters article