In what can be regarded as a diversification of its prey-base, hackers are "continuously" targeting medical devices and hospitals, the US Federal Drug Administration has warned.
The alert comes in new FDA rules that define how medical equipment manufacturers should combat cyber-threats. Medical equipment should be constantly vigilant, said the watchdog, and make sure they can patch the flaws found in gadgets. Its rules come at the end of a year that witnessed defects found in numerous medical devices, and hospitals hit by malware.
Dr. Suzanne Schwartz, FDA associate director at its Centre for devices and radiological health wrote in a blog, "Cyber-security threats are real, ever-present, and continuously changing,". "Hospital networks experience constant attempts of intrusion and attack, which can pose a threat to patient safety."
To effectively address threats to devices in hospitals or worn by patients, manufacturers need to think about security throughout the entire lifecycle of a product, Dr. Schwartz further noted. Furthermore, she said, they needed to:
- Â constantly monitor threats
- Â detect vulnerabilities in the code their devices run
- Â assess the potential dangers the products pose
- Â make sure they can update gadgets to close any loopholes
Manufacturers should also become more comfortable in cooperating or collaborating with security researchers who scrutinize gadgets for potential defects, she asserted. Â Some researchers were threatened with litigation after identifying a flaw. Researchers have exposed flaws in many products, including defibrillators and drug infusion pumps. Some have also documented attacks on larger pieces of equipment such as MRI scanners.