Feds examining medical devices for fatal cybersecurity flaws

[InfoSec News <alerts () infosecnews org>]

http://arstechnica.com/tech-policy/2014/10/feds-examining-medical-devices-for-fatal-cybersecurity-flaws/

By David Kravets
Ars Technica
Oct 23 2014

It was an eerie tale. Former US Vice President Dick Cheney announced last 
year that he disabled the wireless function of the implanted heart 
defibrillator amid fears it could be exploited by terrorists wanting to 
kill him.

Cheney's announcement put a face to the fear of possible medical-device 
hacking exploits, and researchers and the federal government were slowly 
realizing there were genuine vulnerabilities associated with these 
implanted devices. They are equipped with computerized functions and 
wireless capabilities that allow the devices to be administered without 
requiring additional surgery, and therefore they could be vulnerable to 
hacker exploit.

Cheney's move may have seemed far-fetched, but his paranoia is being 
confirmed, as the Department of Homeland Security is now probing potential 
cybersecurity flaws in certain medical devices.

"The Department of Homeland Security’s (DHS) Industrial Control 
Systems-Cyber Emergency Response Team (ICS-CERT) works directly with the 
Food and Drug Administration (FDA) and medical devices manufacturers, 
health care professionals, and facilities to investigate and address cyber 
vulnerabilities. DHS actively collaborates with public and private sector 
partners every day to identify and reduce adverse impacts on the nation’s 
critical cyber systems," DHS spokesman S.Y. Lee wrote Thursday to Ars.

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/