How Safe is that Ventilator? Medical Devices Vulnerable to Cyber Threats

The recently discovered Bash/Shellshock bug has reminded everyone of how vulnerable the Internet of Things is. Baby monitors, thermostats, alarm systems, lighting systems, cars, watches – what isn’t connected to the Internet nowadays?

Another area we might overlook, but shouldn’t, is medical devices. Yes, things like MRIs, ventilators and insulin pumps are networked now too, and they’re just as vulnerable to cyber threats.

According to, the FDA is “ramping up” its efforts to improve the security of medical devices.

One thing the FDA is doing is “collaborating on the development of a risk assessment framework to enable health care sector stakeholders to identify cybersecurity vulnerabilities and mitigate the risks,” the article reports. This collaboration is with the National Health Information Sharing and Analysis Center.

According to the article, medical devices can be hacked and can be vulnerable to software flaws and malware, which could all affect the integrity of the data and raise safety concerns for patients.

There’s an issue of awareness with this – both the device manufacturers and the health care providers are unaware of the need to identify and prevent these cyber vulnerabilities.

The FDA aims to improve things with the aforementioned framework, and will also be hosting a workshop on Oct. 21 and 22, in partnership with the Department of Homeland Security. It’s a public workshop, called “Collaborative Approaches for Medical Device and Healthcare Cybersecurity.” Its goal is to have participation by health care sector stakeholders and ultimately discuss the “development of best practices to strengthen medical device cybersecurity.”


For more on the FDA’s efforts, click here:
For more on the bug and the Internet of Things, click here:
For another interesting piece, click here:
For a story on the Bash bug, click here: