Researchers discovered serious vulnerabilities in two medical management platforms that are used for generating patients reports and managing surgeries. The vulnerabilities lead to an elevated response from the United States Food & Drug Administration and the Department of Homeland Security.
According to information from Secure Business Intelligence, an Australian news service, the vulnerabilities gave security researchers remote root access to the impacted systems. When an individual has root access to a device, he or she can control most of its functions. With the root exploit for the Philips’ platform management system, hackers could potentially steal patient records and other private healthcare information.
The exploit also gave researchers the ability to remotely control medical devices that are connected to the Philips platform. Any connected device that communicates via the HL7 standard could potentially be controlled by hackers.
Due to the severity of the exploits, both the DHS and the FDA took action. Both government groups urged Philips to fix the exploit immediately. However, Philips may have ignored initial warnings. According to Billy Rios and Terry McCorkle, the security researchers who discovered the exploit, private attempts by the researchers to warn Philips about the exploits were ignored. In response, the researchers shared information about the exploit with the FDA and the DHS.
Two days after information about the exploit was released, Marty Edwards, the control system director at the DHS, announced that the government agency would handle all future information on medical device security vulnerabilities.
A smaller exploit was also discovered in a patient monitoring tool by SpaceLabs ICS-Xprezz. The platform, designed for use with the Apple iOS, could give hackers access to restricted parts of a corporate network.
- Top Five Design Mistakes to Avoid When Specifying Stainless Steel Tubing - Supplier Resource
- Successful Medical Device Cleaning Validations: What You Need to Know - Supplier Resource
- Pharmaceutical Companies: Outsourcing Combination Product Manufacturing - Supplier Resource
- Orthopedic Implant Manufacturing - Supplier Resource
- Elcam Medical at MD&M West 2011 - Video
- David Schnur Associates at MD&M West 2011 - Video