The U.S. Department of Homeland Security, or DHS, is conducting an investigation to study the susceptibility of medical devices and hospital equipment to cybercrime, a report said Wednesday, citing a senior official who revealed that the investigation is based on about two dozen cases of possible cybersecurity flaws.
The devices that are being inspected by the agency’s Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, include an infusion pump from Hospira and implantable heart devices from Medtronic and St Jude Medical, Reuters reported. Although there have been no reported instances of hackers using these devices to attack patients, the U.S. government is concerned that hackers may try to access the products remotely.
After gaining control remotely, hackers can instruct an infusion pump to overdose a patient with drugs, or force a heart implant device to deliver a deadly jolt of electricity, Reuters reported, citing the sources.
“These are the things that shows like 'Homeland' are built from,” the DHS official told Reuters, referring to the American political thriller television series in which a fictional vice president of the U.S. is assassinated by hacking into his pacemaker.
“It isn't out of the realm of the possible to cause severe injury or death,” the official said, adding that the agency is working with manufacturers to detect and fix software vulnerabilities that could help hackers access confidential data and control medical devices.
The latest probe comes after the U.S. Food and Drug Administration, or FDA, recently announced guidelines for manufacturers and health care providers to increase security in medical devices.
“The conventional wisdom in the past was that products only had to be protected from unintentional threats. Now they also have to be protected from intentional threats too,” William Maisel, chief scientist at the FDA's Center for Devices and Radiological Health, told Reuters, without commenting on the DHS probe.