By: Pooja Jaeel

As technology gets increasingly integrated into everyday healthcare processes, the consequences of technology hacks become increasingly dire.

This past Thursday, two separate advisory notes detailing potential security weaknesses in healthcare technology were released by the FDA and ICS-CERT. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) is a liaison group between the Department of Homeland Security and the private security industry.


The devices affected include heart defibrillators, patient monitors and even surgical devices. Says technical director at security firm Cylance, Terry McCorkle, “It’s safe to say most medical device manufacturers are affected. It’s kind of an industry-wide issue.”

One of the largest contributors of malicious tampering is the hard-coded password within these machines. These passwords, “can be used to permit privileged access to devices, such as passwords that would normally be used only by a service technician” explains ISC-CERT’s advisory notes. Such widespread access can lead to key programming changes in patient monitoring systems. Other contributors include old software and open network connections.

The FDA was quick to announce that there are no known deaths or injuries due to hacking but that, already, “hundreds of medical devices that have been infected by malware.” This announcement is meant to inspire preventative measures- such as updating software, changing passwords, and monitoring network usage- by hospitals and other healthcare advisors.

For the technology manufacturers, the FDA recommends adding detailed security plans when they submit technology for the FDA approval process. Yesterday’s notices can be found here: ICS-CERT  and FDA.

Sources: Ars Technica