Computer Viruses Are "Rampant" on Medical Devices in Hospitals

[InfoSec News <alerts () infosecnews org>]

http://www.technologyreview.com/news/429616/computer-viruses-are-rampant-on-medical-devices/

By David Talbot
Technology Review
October 17, 2012

Computerized hospital equipment is increasingly vulnerable to malware 
infections, according to participants in a recent government panel. 
These infections can clog patient-monitoring equipment and other 
software systems, at times rendering the devices temporarily inoperable.

While no injuries have been reported, the malware problem at hospitals 
is clearly rising nationwide, says Kevin Fu, a leading expert on 
medical-device security and a computer scientist at the University of 
Michigan and the University of Massachusetts, Amherst, who took part in 
the panel discussion.

Software-controlled medical equipment has become increasingly 
interconnected in recent years, and many systems run on variants of 
Windows, a common target for hackers elsewhere. The devices are usually 
connected to an internal network that is itself connected to the 
Internet, and they are also vulnerable to infections from laptops or 
other device brought into hospitals. The problem is exacerbated by the 
fact that manufacturers often will not allow their equipment to be 
modified, even to add security features.

In a typical example, at Beth Israel Deaconess Medical Center in Boston, 
664 pieces of medical equipment are running on older Windows operating 
systems that manufactures will not modify or allow the hospital to 
change—even to add antivirus software—because of disagreements over 
whether modifications could run afoul of U.S. Food and Drug 
Administration regulatory reviews, Fu says.

[...]

--
CISSP and CEH Live OnLine training with ExpandingSecurity.com is the fastest,
easiest way to master the relevant data you need now.  Sign up for the free
weekly PainPill and try a free class.  It is easy.
http://www.expandingsecurity.com/PainPill