Healthcare Hackers—Homeland Security Warns Of Danger To Patient Safety – Forbes
CISA and the FDA warn of patient monitor backdoor hacking threat.
Healthcare hackers are making headlines right now following a ransomware attack against the New York Blood Center, which supplies blood to more than 200 U.S. hospitals; the attack has disrupted blood donations in the process. But that’s not all; more than a million medical records have been stolen in a hacking incident at Connecticut-based healthcare provider Community Health Center. Just when you think that the healthcare sector has hit rock bottom on the security scare front, the Cybersecurity and Infrastructure Security Agency, part of the U.S. Department of Homeland Security, along with the Food and Drug Administration, has issued a warning of danger to patient safety following the discovery of a backdoor in patient monitor hardware. Here’s what you need to know.
In order to raise awareness among healthcare providers, healthcare facilities, caregivers and, not least, patients themselves, the FDA and CISA have issued Jan. 30 warnings regarding cybersecurity vulnerabilities that amount to a “backdoor” in certain patient monitors that “may put patients at risk after being connected to the internet.” That risk becomes worryingly clear when you understand that the vulnerabilities allow the patient monitor to be remotely controlled by a hacker, patient data to be collected, and the healthcare networks the device is attached to be put at risk of compromise.
The FDA lists the following China-manufactured healthcare devices regarding the embedded backdoor and vulnerability warning:
I have reached out to Contec Medical Systems and Epsimed for a statement.
The CISA fact sheet detailing the latest healthcare hardware hacking threat stated that while Contec Medical Systems is headquartered in Qinhuangdao, China, the device itself is used in medical settings across the U.S. and European Union to provide continuous monitoring of a patient’s vital signs, such as electrocardiogram, heart rate, blood oxygen saturation, non-invasive blood pressure, temperature and respiration rate. “CISA assesses that inclusion of this backdoor in the firmware of the patient monitor can create conditions which may allow remote code execution and device modification with the ability to alter its configuration,” CISA said. “This introduces risk to patient safety as a malfunctioning patient monitor could lead to an improper response to patient vital signs.”
“Be aware the FDA is not aware of any cybersecurity incidents, injuries, or deaths related to this vulnerability at this time,” the FDA said. However, CISA has “strongly urged” all healthcare sector organizations to review the fact sheet and implement the FDA’s mitigations as follows:
Patients and caregivers, meanwhile, are advised to talk to their healthcare provider, and if it confirms their patient monitor relies upon remote monitoring features, then “unplug the device and stop using it” and look to use an alternative patient monitor.
Healthcare providers should check the aforementioned patient monitors for any signs of unusual functioning, such as “inconsistencies between the displayed patient vitals and the patient’s actual physical state,” and report these to the FDA.
This is a newsfeed from leading technology publications. No additional editorial review has been performed before posting.


