5

Keeping Computer Viruses Off Of Medical Devices

The National Institute of Standards and Technology held meetings last fall for its Information Security & Privacy Board. During these meetings, experts expressed concern over the volume of malware on medical devices. One cause for the infestations is that medical device manufacturers won’t allow hospitals to use solutions like virus protection software or scans. Another cause is that manufacturers often run old operating systems out of concern that upgrades may violate FDA regulations.

medical_computer

Malware can infect machines ranging from expensive diagnostic imaging devices to compounders that prepare intravenous nutrition and drugs. If a machine like a blood gas analyzer gave a false reading because of malware, then a patient could experience serious harm. The U.S. Government Accountability Office (GAO) has specifically warned that devices like patient insulin pumps and internal defibrillators could malfunction because of malware vulnerabilities. However, the board points out that any network-connected medical device could be vulnerable to infection.

Real-Life Medical Malware Scenarios

MIT Technology Review cited an example of medical device malware proliferation from Boston’s Beth Israel Deaconess Medical Center. In this facility, IT has identified 664 medical devices running on old Windows operating systems because of manufacturers’ restrictions. Beth Israel’s chief information security officer, Mark Olson, says that at least one or two machines are taken out of commission weekly to be cleansed of malware.

Malware can render patient monitoring devices and software systems temporarily inoperable, and experts fear that patient injury is only a matter of time. In one intensive care unit that treated women with high-risk pregnancies, for example, malware clogged up fetal heart rate monitors and caused them to work significantly more slowly. If someone hadn’t been present to catch the issue, then doctors wouldn’t have known if the babies or their mothers were in distress.

In 2009, the Conficker worm infected an obstetrical care workstation, a radiology workstation and several nuclear medicine applications at Beth Israel. The systems were shut down, cleaned and isolated from the network before anyone was injured. However, unless manufacturers and regulators begin to seriously address the problem, most experts agree that patient injury or even fatality is inevitable.

Analysts say that most medical device malware infections are linked to botnets. Hackers use malware to gain control of large numbers of computers, which then form botnets, or armies of compromised computers. Hackers can then use these “zombie computers” to wage large-scale distributed denial-of-service (DDOS) attacks against any kind of network.

Why the Problem Isn’t Getting Better Quickly

Although regulators have known about these issues for some time, device manufacturers, hospitals and the FDA have made little progress for a number of different reasons:

  • Economic pressures. Medical device manufacturers face pressures just like any other business to develop products quickly and get them to market fast. Testing for quality, reliability and safety can slow down that process.
  • Underreporting. Many hospital staff and medical providers don’t report malware problems to manufacturers or to state and federal regulators. Experts say that staff members feel that they have no recourse for fixing the problem, so they don’t bother reporting it.
  • Sluggish FDA response. While the FDA has begun to review its software policies, the pace of the process has been slow. Changing policy means new culture, new technology, new staff and new approaches, and changing management takes time.
  • Inconsistent manufacturer policies. The FDA has issued some guidance saying that software updates don’t always require regulatory review. However, to avoid liability, many manufacturers hesitate to skirt the process. While some manufacturers will provide patches and security guidance, other manufacturers supply nothing. Hospitals prefer to firewall non-secure devices, but IT departments can’t maintain hundreds of firewalls on every hospital network.

Potential Solutions

Mark Olsen has suggested a number of solutions that manufacturers can implement into medical devices. He suggests that manufacturers include antivirus software and allow OS patches for all devices. He also suggests adding logging capabilities and support for Microsoft Active Directory. Security solutions should be flexible enough to accommodate any hospital security model, and “phone home” services that bypass firewalls should be eliminated by manufacturers. Finally, Olson asks that manufacturers implement off-the-shelf operating systems because they allow hospitals to save money, and they ensure that machines aren’t riddled with unnecessary programs.

Jeska Blogs


GD Star Rating
loading...
Opt In Image
Sign-up To Our Newsletter....
...And Get This FREE eBook!
  • Understand the phenomenon behind Google Sitelinks.
  • Increase the visibility and popularity of your Website.
  • Find out how you can improve the link structure of your site.
  • Determine how to put your Website on the Google Sitelinks map.
  • Learn how you can use Google Sitelinks to get more targeted-SEO traffic to your Website.
Filed in: Security Tags: computer viruses, security software, Technology

Get Updates

Share This Post

Related Posts

5 Responses to "Keeping Computer Viruses Off Of Medical Devices"

  1. myles
    Twitter:
    says:

    WOW i did not know that virus can affect at such heights. :/ thanks BTW for the awesome post.

    GD Star Rating
    loading...
  2. Karan Oberoi says:

    Hi Jesika,

    This is a new way I have heared ever that virus can effect through this and I have already two doctors in my home. Thanks a lot for sharing this usefull Information.

    Regards
    Karan

    GD Star Rating
    loading...
  3. Very informative article about avoiding computer viruses. Thank you sharing.

    GD Star Rating
    loading...
  4. Apu Mridha says:

    Thanks for sharing this amazing article… loved it ! :D

    Apu

    GD Star Rating
    loading...

Leave a Reply

Submit Comment

© 2014 TechSling Weblog. All rights reserved.
Designed by TechSling Online.