Feds Investigating Two Dozen Potential Hacks Targeting Life-Saving Medical Devices

Staff Writer | RT USA | October 22, 2014

A senior official at the Department of Homeland Security tells Reuters that government experts are now investigating upwards of two dozen instances in which high-tech medical products may be prone to hackers.  "It isn't out of the realm of the possible to cause severe injury or death," the DHS source, who spoke on condition of anonymity, said of the potential consequences that could occur if the devices in question are exploited by malicious actors.

According to the Reuters article published on Wednesday this week by journalist Jim Finkle, the DHS Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, is reviewing “about two dozen cases of suspected cybersecurity flaws” among products alleged to include an infusion pump from Hospira Inc and implantable heart devices from Medtronic Inc and St Jude Medical Inc.  Multiple sources told Finkle that the DHS team has failed to find any evidence so far that vulnerabilities in these devices have been exploited, but nonetheless are working with the manufacturers of the items to examine and audit any computer bugs that risk being compromised.

S.Y. Lee, a spokesperson for DHS, told SCMagazine on Wednesday that the agency “actively collaborates with public and private sector partners every day to identify and reduce adverse impacts on the nation's critical cyber systems,” but declined to answer specifics; Medtronic and St. Jude Medical did not immediately return the magazine’s requests for comment, but a rep for Hospira told Reuters that the company “has implemented software adjustments, distributed customer communications and made a commitment to evaluate other changes going forward, while ensuring we are not adversely impacting the ability of our devices to meet hospital and patient needs, and maintain compliance with FDA product requirements.”...