For a long time, medical devices were protected by an "air gap" which provided protection as long as the devices were physically separated from the data network. But increasing cost pressures and integration of these devices' capabilities have meant that insecure devices are being exposed to the network.
Common vulnerabilities include things like hard-coded, well-known passwords and even passwordless logins, vulnerability to SQL injection attacks, and a general inattention to security patches and secure configuration guidelines.
Security practices in the medical device industry have lagged most other IT installations. Affected devices include several where a malicious intruder (or buggy malware) could cause patient injury or death.
1 comment:
Hello, I'm a consultant & like to share. Most Class I devices and a couple of Class II devices are absolved from the necessity for docility of an advertising provision. Nonetheless, these devices are not excluded from other general controls. All medical devices must be made under a quality affirmation system, be suitable for the expected utilization, be enough bundled and appropriately marked, and have foundation enlistment and device posting structures on document with the FDA. thanks!
-----------------
iso 13485
Post a Comment