The FDA is warning that implanted medical devices, such as pacemakers and defibrillators, are often connected to networks that are vulnerable to cyber attacks that could shut down or manipulate the machinery.
Hackers with malicious intentions could introduce Malware into the equipment, thereby gaining access to configure settings in medical devices or hospital networks, the Food and Drug Administration said in a warning sent to hospitals, medical device manufacturers, user facilities, and bio-medical engineers.
“Over the past year, we’ve become increasingly aware of cyber security vulnerabilities in incidents that have been reported to us,” William Maisel, deputy director for science at the FDA’s Center for Devices and Radio-logical Health, told Reuters. “Hundreds of medical devices have been affected, involving dozens of manufacturers.”
Maisel noted that most of the infections were most likely unintentional, but that they demonstrate a very real possibility that hackers could intentionally inflict damage upon them.
The FDA report identified 300 medical devices that are at risk of crippling cyber attacks, including insulin pumps, implantable cardiovascular defibrillators, anesthesia devices, drug infusion pumps, ventilators, and pacemakers. Some of these devices can even be remotely accessed through the Internet, the FDA report said.