Study Examines Security and Privacy in Computer-Related Medical Device Recalls

Nearly one-third of all recalled medical devices contain computers, and half of those are recalled because of computer-related problems, according to a recent study.

Nearly one-third of all recalled medical devices contain computers, and half of those are recalled because of computer-related problems, according to a recent study.

Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance’ was funded by the Department of Health and Human Services. The study analyzes the FDA’s weekly enforcement reports, medical and radiation emitting device recalls, and the manufacturer and user facility device experience database to explore the basis of a growing concern about security and privacy implications stemming from the increased production of and reliance upon internet-connected and Wi-Fi-ready medical devices.

Between 2002 and 2010, 523 of the 537 recalls that mentioned the word ‘software’ in recall reports cited software problems as the specific reason for recall.

Only 35 of the 605 (recalled) computer-equipped medical devices were recalled due to a flaw in patient data storage and only 31 of those were recalled because of a wireless communication bug.

To test response time, one of the study’s co-authors submitted a software vulnerability for an automated external defibrillator. That report took nine months to process, which the study claims is problematic considering that it is only a matter of hours between the discovery of a conventional computer security vulnerability and its exploitation.

According to the report, there have been hundreds of reports of conventional viruses infecting all sorts of medical devices. Beyond that, researchers have and continue to identify new vulnerabilities in medical devices. Despite this, the study claims that “there are no known case reports of malevolent interference that specifically target medical device function.”

Suggested articles

Discussion

  • find on

    I drop a comment whenever I like a article on a site or if I have something to valuable to contribute to the discussion. It is a result of the passion communicated in the article I browsed. And on this article Study Examines Security and Privacy in Computer-Related Medical Device Recalls | threatpost. I was actually excited enough to drop a thought :-P I actually do have a few questions for you if you usually do not mind. Is it just me or does it appear like some of the remarks appear like coming from brain dead visitors? :-P And, if you are writing on other social sites, I'd like to keep up with you. Could you make a list the complete urls of your community sites like your Facebook page, twitter feed, or linkedin profile?

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.