What Could Make Your Medical Devices Go Haywire?

Leigh Page


August 27, 2013

In This Article


Computer viruses could potentially make medical devices go haywire, and anything from your intravenous (IV) pumps to ventilators, laboratory analysis equipment, and CT scanners could be affected.

Medical devices are currently attracting a great deal of federal scrutiny, all because of a relatively new phenomenon: their vulnerability to malware, hackers, and the other miseries usually associated with computers.

Physicians' offices tend to be more vulnerable than hospitals to malware because they have less access to IT expertise, according to W. Reece Hirsch,an attorney specializing in healthcare security breaches in the law firm of Morgan, Lewis & Bockius in San Francisco. "This will become more of a problem as networks become more important," he said.

In June 2013, the US Food and Drug Administration (FDA) issued a safety communication[1] on use of medical devices and also issued draft guidance[2] proposing new guidelines for device manufacturers. Meanwhile, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a division of the Department of Homeland Security, issued an alert[3] about unsafe passwords in medical devices.

Hundreds of different types of devices have been affected in hospitals and possibly also in physicians' offices, although reports are scantier there. These devices range from the fairly small -- IV pumps, ventilators, fetal monitors, laboratory analysis equipment, and radiography and echocardiography machines -- to the very large, including CT and MRI scanners, radiology workstations, and cardiac catheterization laboratories.

The new concerns represent a sea change in how medical devices are used. As recently as a decade ago, many medical devices were still stand-alone appliances. You'd have to walk up to them and push buttons to operate them and read the information they reported, and then you'd jot it down on your clipboard.

Now, as part of the healthcare IT revolution, these devices are plugged into computer networks that allow them to be remotely operated as well as feed data directly into information systems. Although these devices are significantly more efficient than their forebears, they are prone to Internet-borne malware that can slow them down; make them crash; garble data; and even make them send data to remote locations, a potential violation of the Health Insurance Portability and Accountability Act (HIPAA).


Comments on Medscape are moderated and should be professional in tone and on topic. You must declare any conflicts of interest related to your comments and responses. Please see our Commenting Guide for further information. We reserve the right to remove posts at our sole discretion.