Slashdot Mirror

← Back to Stories (view on slashdot.org)

DHS Steps In As Regulator for Medical Device Security

Posted by timothy on from the handicapper-general dept.

mask.of.sanity writes "The Department of Homeland Security has taken charge of pushing medical device manufacturers to fix vulnerable medical software and devices after researchers popped yet another piece of hospital hardware. It comes after the agency pushed Philips to move to fix critical vulnerabilities found in its popular medical management platform that is used in a host of services including assisting surgeries and generating patient reports. To date, no agency has taken point on forcing the medical manufacturers to improve the information security profile of their products, with the FDA even dubbing such a risk unrealistic (PDF)."

4 of 123 comments (clear)

  1. DHS covering an awful lot these days ... by gstoddart · · Score: 5, Insightful

    It seems the DHS keeps expanding its mandate into ever broader areas.

    And, quite frankly, that's a little creepy -- it's becoming this vast umbrella which has control over everything.

    --
    Lost at C:>. Found at C.
    1. Re:DHS covering an awful lot these days ... by Anonymous Coward · · Score: 5, Insightful

      It was assigned to the wrong DHS... this should fall under the Department of Health and Human Services (HHS). Someone needs to tell a director that Homeland Security is stealing a project that should be theirs (i.e. taking their power).

  2. Nuance by Toe,+The · · Score: 5, Funny

    Technology in hospitals? Good.

    Internet-connected technology in hospitals? Why?

    Sure, people in hospitals need information, but surely something which is assisting in the physical process of a surgery (etc.) doesn't need to be in the cloud, does it?

    The cloud can be cool, but be reasonable. Why not put the operations of the CIA into Salesforce.com while we're at it?

  3. Re:manufacturers need to let os updates and AV sof by mcmonkey · · Score: 5, Insightful

    manufacturers need to let os updates and AV software to be install on there systems if they want / need to be on the hospital network.

    Because running untested software is a bad idea. Heath care systems and medical device software should get the benefits of updates and patches, but only after those updates have been tested for those specific systems and software. Whatever the vendor does prior to release is insufficient.

    When entire hospital processes come to a halt because the latest AV update mistakenly identifies a core OS file as a trojan, you'll come back and say, why are manufactures letting updates to be installed on their systems?

    As with many things, the best path is in the middle. Critical systems should be updated as preventative maintenance, but administrators cannot rely on vendor testing alone.