More than 122 medical devices were infected by malware during the past 14 months at the U.S. Dept. of Veterans Affairs’ network of 50,000 medical devices, representing what one official called a critical challenge to the department’s security.
Roger Baker, the department’s assistant secretary for IT at the Department of Veterans Affairs, told a U.S. House Committee on Veterans’ Affairs subcommittee that regulatory hurdles have handcuffed the agency’s abilioty to respond to malware attacks, InformationWeek reported. The regulatory compliance process for all devices, their software and any subsequent software upgrades slows the updating and therefore securing of medical devices from malware, Blake said.
“This inherent vulnerability can increase the potential for cyber attacks on the VA trusted network by creating risk to patient safety,” he said, according to the magazine.
Blake is not the first to sound the alarm about the security of wireless medical device networks. An April report in the New England Journal of Medicine called for improvements to the security and privacy of implantable medical devices. The report’s authors compared the current state of medical device security to the pharmaceutical supply chain in the early ’80s, citing the 1982 cyanide poisoning of Tylenol.
Hackers have already hijacked a patient support website for epileptics, electronic medical records, and last year, a computer virus called Conficker infected hundreds of MRI devices around the world, including at dozens of U.S. hospitals.
The VA has reacted to the threat by instituting new assessment and training programs and is in the process of implementing more security measures for its device network. The VA’s Office of Information and Technology and its Office of Information Protection and Risk Management are attempting to bring the protections to the thousands of medical devices currently on the VA’s network, according to Blake.