Even in the best hospitals there is a danger of acquiring vicious bugs like flesh-eating bacteria, pneumonia or even a new strain of tuberculosis. MIT’s Technology Review blog reports that medical facilities nationwide are now dealing with an entirely different class of bugs: malware.
Computerized equipment manufacturers apparently have an affection for out-of-date versions of Windows that may eventually put entire hospital computer networks in jeopardy.
Speaking last week in a Washington, D.C., meeting of a medical device panel, security expert Kevin Fu was unequivocal:
“I find this mind-boggling,” Fu says. “Conventional malware is rampant in hospitals because of medical devices using unpatched operating systems. There’s little recourse for hospitals when a manufacturer refuses to allow OS updates or security patches.”
As an example of critical equipment compromised by malware, expert Mark Olson cited pregnancy monitors. Mr. Olson, who is chief of information security at Beth Israel Deaconess Medical Center in Boston, said it isn’t unusual for monitors “to become compromised to the point where they can’t record and track the data” physicians need to evaluate the health of expectant mothers. According to Mr. Olson, equipment prone to malware infection include devices used to prep intravenous drugs and half-million dollar MRI machines.
Nationwide, the malware problem in hospitals hasn’t reached critical mass, but it is on the rise. The experts quoted by Technology Review seem to agree that wider public awareness is crucial to dealing with the issue, in addition to hospital chief technical officers implementing safety measures like firewalls and speaking out in general on the importance of the matter.
It looks like Kaspersky Lab may have found a new target market for its ultra-secure industrial operating system.