Slashdot Mirror

← Back to Stories (view on slashdot.org)

DHS Steps In As Regulator for Medical Device Security

Posted by timothy on from the handicapper-general dept.

mask.of.sanity writes "The Department of Homeland Security has taken charge of pushing medical device manufacturers to fix vulnerable medical software and devices after researchers popped yet another piece of hospital hardware. It comes after the agency pushed Philips to move to fix critical vulnerabilities found in its popular medical management platform that is used in a host of services including assisting surgeries and generating patient reports. To date, no agency has taken point on forcing the medical manufacturers to improve the information security profile of their products, with the FDA even dubbing such a risk unrealistic (PDF)."

4 of 123 comments (clear)

  1. DHS covering an awful lot these days ... by gstoddart · · Score: 5, Insightful

    It seems the DHS keeps expanding its mandate into ever broader areas.

    And, quite frankly, that's a little creepy -- it's becoming this vast umbrella which has control over everything.

    --
    Lost at C:>. Found at C.
    1. Re:DHS covering an awful lot these days ... by Anonymous Coward · · Score: 5, Insightful

      It was assigned to the wrong DHS... this should fall under the Department of Health and Human Services (HHS). Someone needs to tell a director that Homeland Security is stealing a project that should be theirs (i.e. taking their power).

    2. Re:DHS covering an awful lot these days ... by timeOday · · Score: 4, Insightful
      What does HHS or FDA know about computer security? Nothing. It is a technical niche. Trying to independently stand up a computer security audit group within every niche of government just because they all use computers is crazy.

      As for DHS covering too many things.... DHS isn't really anything in itself. It's just an umbrella created after 911 to try and make connections between what where (and still are for the most part) essentially independent organizations that suffer from too much redundancy and tribalism. (Which is not to say the DHS is necessarily doing a good job of solving these problems).

  2. Re:manufacturers need to let os updates and AV sof by mcmonkey · · Score: 5, Insightful

    manufacturers need to let os updates and AV software to be install on there systems if they want / need to be on the hospital network.

    Because running untested software is a bad idea. Heath care systems and medical device software should get the benefits of updates and patches, but only after those updates have been tested for those specific systems and software. Whatever the vendor does prior to release is insufficient.

    When entire hospital processes come to a halt because the latest AV update mistakenly identifies a core OS file as a trojan, you'll come back and say, why are manufactures letting updates to be installed on their systems?

    As with many things, the best path is in the middle. Critical systems should be updated as preventative maintenance, but administrators cannot rely on vendor testing alone.