Tag: medical devices

Homeland Security Warns Of Expanding Medical Device Attacks

A bulletin published by the Department of Homeland Security has warned that the increasing use of wireless networking technology to enable medical devices expands the ways that those devices could be hacked. The bulletin, published May 4 by DHS’ National Cybersecurity and Communications Integration Center, warns that advances in medical devices, including Internet connectivity and the use of smartphones, tablets and other mobile devices in patient care “expands the attack surface” of medical devices. “Smartphones and tablets are mini computers with instant access to the internet or linked directly to a hospital’s network. The device or the network could be infected with malware designed to steal medical information if not upgraded with the latest anti-virus and spy-ware software,” DHS said. Advances in medical device technology have already greatly improved medical care, especially in areas like medical health records and remote monitoring of patients with implantable medical devices. However, too little […]

Continue Reading

Fitbitten: Researchers Exploit Health Monitor To Earn Workout Rewards

Call it “the quantified self” – that intersection of powerful, IP-enabled personal health monitoring tools and (usually) Web based tools for aggregating, analyzing and reporting. The last five years has brought an explosion in these products. In addition to the long-popular gear like Garmin GPS watches – must have items for the exercise addicted – there’s a whole range of new tools for the merely “exercise curious” or folks interested in losing weight or just figure out what, exactly, they do all day. Count  Nike’s FuelBand, Jawbone’s UP, and Fitbit in that category. Alas, a growing number of reports suggest that, when it comes to medical devices and health monitoring tools, the security of sensitive personal data isn’t a top priority. The latest news comes by way of researchers at Florida International University in Miami, Florida. A team of three researchers, composed of students and faculty, analyzed the Fitbit health monitoring device […]

Continue Reading

Uncle Sam Needs A Plan: GAO Pans Govt. Cybersecurity Efforts in 100 Page Report

There’s been a lot of light and heat in the last week when it comes to the U.S. government and cyber security. After all, President Obama just released his Executive Order on cyber security, which puts an emphasis on identifying and protecting critical infrastructure and, just maybe, pushes the sprawling federal bureaucracy towards better security practices. But a just-released report from the Government Accountability Office (GAO) makes clear that, in the big scheme of things, the Executive Order is just window dressing on the mess that is the Federal Government’s handling of cyber security. The report, GAO-13-187 (PDF), is a round-up and updating of previous reports that studied aspects of federal cyber security as they affect a wide range of federal agencies. The GAO’s conclusion? Uncle Sam has made negligible progress towards improving the security of its information systems, and has little to show in key areas such as responding to […]

Continue Reading

For Industrial, Medical Systems: Bugs Run In The Family

On the surface, the kinds of industrial control systems that run a power plant or factory floor are very different from, say, a drug infusion pump sitting bedside in a hospital intensive care unit. But two security researchers say that many of these systems have two important things in common: they’re manufactured by the same company, and contain many of the same critical software security problems. In a presentation at gathering of industrial control security experts in Florida, researchers Billy Rios and Terry McCorkle said an informal audit of medical devices from major manufacturers, including Philips showed that medical devices have many of the same kinds of software security holes found in industrial control system (ICS) software from the same firms. The research suggests that lax coding practices may be institutionalized within the firms, amplifying their effects. Rios (@xssniper), a security researcher at Google, and McCorkle (@0psys), the CTO of SpearPoint […]

Continue Reading

University Course Will Teach Medical Device Security

The University of Michigan will be among the first to offer graduate students the opportunity to study the security of advanced medical devices. The course, EECS 598-008 “Medical Device Security” will teach graduate students in UMich’s Electrical Engineering and Computer Science program “the engineering concepts and skills for creating more trustworthy software-based medical devices ranging from pacemakers to radiation planning software to mobile medical apps.” It comes amid heightened scrutiny of the security of medical device hardware and software, as more devices connected to IP-based hospital networks and add wireless monitoring and management functionality. The new course comes amid rapid change in the market for sophisticated medical devices like insulin pumps, respirators and monitoring stations, which increasingly run on versions of the same operating systems that power desktops and servers. In 2011, the US Food and Drug Administration (FDA) reported that software failures were the root cause of a quarter […]

Continue Reading
1 16 17 18 19