The Food and Drug Administration (FDA) has issued an unusual safety communication alleging that Internet-enabled medical devices and hospital computer networks are at serious risk of cyberattack by malicious criminals.
According to the FDA report, the “Internet of things” and smart medical device manufacturers fail to implement basic security features in their products. Furthermore, it also notes that hospitals have been negligent in implementing appropriate firewalls and restricting access to servers.
Cylance, a security firm that contributed to the warning, told Fast Company in an email the lapses included hard-coded default passwords for medical devices that could not be removed. Last year, Fast Company wrote about the potential for medical cybercrime. Recently we investigated security issues related to the “Internet of things.”
The FDA noted that no patient injuries or deaths have been connected to hospital IT security failures or hacking of medical devices.