Have an account? Please log in.
Text size: Small font Default font Larger font
Radiology Daily
Radiology Daily PracticalReviews.com Radiology Daily
  • Comments

Medical device security expert Kevin Fu, PhD, says the latest implantable devices, such as pacemakers, have been engineered for good cypersecurity. However:

While devices like MRI machines, mammography, and other radiological imaging may be lower consequence, in my experience they also tend to be more vulnerable because they tend to be running commercial, off-the-shelf software like Windows XP.

Dr. Fu is quoted in a thought-provoking, and possibly alarming, DOTmed News interview published today. He’s an associate professor of electrical engineering and computer science at the University of Michigan and director of the university’s Archimedes medical device security center.

So far, no hackers appear to have compromised medical devices. “All the incidents I’m aware of are malware that accidently got into a medical device” Dr. Fu said. “For instance, in my lab, we have a pharmaceutical compounder, a device that creates nutrients taken intravenously. And it happens to run Windows XP, a piece of software that is 10 years old and riddled with security vulnerabilities. Yet it’s still being deployed.

“Think of our outdated home PC software that got hit with malware. We’ve probably replaced them 10 years ago. But guess what? They’re still in hospitals.”

Last week the Food and Drug Administration issued new cybersecurity guidelines for device manufacturers and health care facilities.

“I know some manufacturers are already taking these steps but are hesitant to speak up and say they’re doing that,” Dr. Fu said. “My suspicion is that they don’t want to draw attention to themselves to become a target.”

He said the FDA guidelines will help. “The manufacturers are the only ones who can change the design space,” he said, “and they’ve now received notice from the FDA about the importance of cybersecurity at that early design phase.”

But he expects no quick breakthroughs. “I have a 164-year research plan to solve this,” he said. “I kid you not! One hundred and sixty-five years ago, Ignatius Semmelweis suggested that physicians should wash their hands when working with patients to avoid mortality and morbidity. [Editor’s note: It was actually 166 years ago, in 1847.] People thought it was heresy. How dare you question the cleanliness of a physician’s hands? And we still have hand-washing problems today.

“So I don’t think the cypersecurity question is going away anytime soon.”

Related CME seminar (up to 29.75 AMA PRA Category 1 credits™): UCSF Radiology Review: CLINICAL HIGHLIGHTS


Permalink: http://www.radiologydaily.com/?p=11112


  • No Related Posts
  • Comments

Would you like to keep current with radiological news and information?

Post Your Comments and Responses

Comments are closed.