Malware Is "Rampant" Across Medical Devices in Hospitals


Medical technology is relying more and more heavily on computational power to streamline the healthcare process. But there's a problem: computerized medical technology is increasingly vulnerable to malware infections, and nobody's doing anything about it.


In a recent government panel, experts explained how viruses and malware can clog medical devices and leave them inoperable. While no deaths or injuries have been specifically linked to the malware, the problem is apparently bad and getting worse, reports Technology Review.

The problem is that medical technology used in hospitals often runs Windows, but the install is locked down: device manufacturers will not modify it, or even allow the hospital to update or upgrade it. Given that many of the devices are now networked across hospitals, and in turn connected to the internet, there's no mechanism to stop new malware from affecting the devices. Kevin Fu, a computer scientist at the University of Michigan and the University of Massachusetts, Amherst, explains to Technology Review:

"I find this mind-boggling. Conventional malware is rampant in hospitals because of medical devices using unpatched operating systems. There's little recourse for hospitals when a manufacturer refuses to allow OS updates or security patches."

The knock-on effect is that the devices stop working properly. While that's a pain in the ass for your personal computer, it's an altogether more serious issue in a hospital. Mark Olson, chief information security officer at Beth Israel Deaconess Medical Center in Boston, explained to Technology Review:

"It's not unusual for those devices, for reasons we don't fully understand, to become compromised to the point where they can't record and track the data... Fortunately, we have a fallback model because they are high-risk [patients]. They are in an IC unit - there's someone physically there to watch. But if they are stepping away to another patient, there is a window of time for things to go in the wrong direction."

The reason the situation has gotten so bad is that regulation over medical instrument security is hazy at best. As of Monday, Technology Review reports, the FDA was "reviewing its regulatory stance on software". Seems it can't happen soon enough. [Technology Review]

Image by phil41dean under Creative Commons license




Surely a lot of these devices have no reason to be connected to a network which can access the internet. If it is for data transfer, would it not simply be safer to transfer said data on a secure internal network or just on memory sticks?