FDA Seeks to Plug Swiss Cheese-size Holes in Medical Device Security Systems

Article title
logo

The Internet giveth and the Internet taketh away.

For years, we’ve been hearing about the benefits online tools will bring to the medical industry, especially at hospitals and physicians’ offices.  Many of those promises have come true, and its been a benefit for patients and industry.

But that sound you are hearing could be the other shoe dropping.

Perhaps reacting in part to a sobering year-long series by The Washington Post finding big, big holes in medical device security systems, the FDA this week (June 17) issued a new safety communication suggesting the hospitals take this threat to medical devices seriously.

Meantime, the FDA have been busy beavers. Last week the agency issued an alert and notices bulletin advising the industry to shore up key medical device security provisions.

Among its recommendations for responsible medical device manufacturers:

  • Swiss CheeseKick the tires on your program designed to limit unauthorized device access to trusted users.
  • Utilize stronger security controls such as user authentication, user ID and password, smartcard or biometrics; strengthening password protection by avoiding hard-coded passwords and limiting public access to passwords used for technical device access; physical locks; card readers; and guards.
  • Use design approaches that maintain a device’s critical functionality, even when security has been compromised, known as “fail-safe modes.”
  • Provide methods for retention and recovery after an incident where security has been compromised

No, neither Woodward or Bernstein were involved in The Post piece, but its pretty thorough and damning for the medical device industry nonetheless.

Security analysts at cyber security firm Cylance found it was depressingly easy to figure out hundreds of passwords for sensitive surgical equipment, patient monitors, among others.

“We stopped after we got to 300,” Billy Rios, who found the passwords with his colleague Terry McCorkle, told The Post.

They tell me Swiss cheese holes are the result of bacteria popping (some use a grosser word). I’m no foodie, leaving that to fellow blogger Kim Egan and celebrity chefs, but I do understand that these are “good” holes.

Holes in medical device security programs are not among them.

Summary
FDA Seeks to Plug Swiss Cheese-size Holes in Medical Device Security Systems
Article Name
FDA Seeks to Plug Swiss Cheese-size Holes in Medical Device Security Systems
Description
A sobering series by The Washington Post found big holes in medical device security systems, the FDA has issued a new safety communication urging hospitals take this threat to medical devices seriously.
Author
Publisher Name
AssurX
Publisher Logo
article_logo

Leave a Reply

One Platform. Every Solution.
AssurX Quality + Compliance ManagementA single versatile system can improve quality, compliance and streamline workflow
Don't Miss A Post

Subscribe to our blog to receive an email when we publish new content.

Recommended posts
Recent Posts
Categories
One Platform. Every Solution.
AssurX Quality + Compliance ManagementA single versatile system can improve quality, compliance and streamline workflow