You may have seen news that the US Food and Drug Administration is now “strongly encouraging” hospitals not to use a leading brand of drug pump over hacking fears. The BBC story is here for more details. John Smith, Principal Solution Architect at Veracode, commented on the FDA's warning to hospitals over hackable drug infusion pumps.
John Smith, Principal Solution Architect at Veracode:
It is unsurprising that the FDA is urging healthcare facilities to switch from Hospira’s Symbiq Infusion System to alternative infusion systems “as soon as possible” considering its reported vulnerability. Information security professionals have been citing hypothetical examples similar to this case for years, exemplifying the new threat that many Internet of Things (IoT) devices pose: in this case, the threat to human health rather than mere data.
What is perhaps most worrying in this instance, however, is not that this vulnerability exists in a healthcare device but that it has been claimed that the security flaw has gone unfixed for over a year. It is essential that IoT security is looked at holistically to ensure that the devices, as well as their mobile and web applications and back-end cloud services, are built securely by default. Security should not be treated as a bolt-on, or we risk not only putting sensitive information in jeopardy but potentially opening ourselves up to physical harm.