Kevin Fu, an expert on medical-device security and a computer scientist at the University of Michigan in Ann Arbor and the University of Massachusetts in Amherst, was interviewed in the report, and according to him, the problem is made worse because medical equipment is often connected to outdated versions of Windows, which hospitals are not allowed to upgrade.
What prevents hospitals from upgrading software for medical devices? Adding antivirus protection to medical devices is forbidden because it could breach U.S. Food and Drug Administration regulations, according to the report.
“I find this mind-boggling,” Fu said to Forbes. “Conventional malware is rampant in hospitals because of medical devices using unpatched operating systems. There’s little recourse for hospitals when a manufacturer refuses to allow OS updates or security patches.”
Unfortunately, the government has been slow in addressing this issue. According to the report, the Government Accountability Office issued a report in September, which warned that computerized implanted defibrillators and insulin pumps could be vulnerable to hacking, but nothing has been done.
More Articles on Health Technology:
ONC Transitions Nationwide Health Information Network to eHealth Exchange
Methodist Hospitals in Indiana Reaches $5M Settlement With HIT Companies
Study: EHRs Enhance Patient Care
