You may have seen news that US Food and Drug Administration is now “strongly encouraging” hospitals not to use a leading brand of drug pump over hacking fears. The BBC story is here for more details. John Smith, Principal Solution Architect at Veracode commented on the FDA issues warnings to hospitals over hackable drug infusion pumps.

John Smith, Principal Solution Architect at Veracode

It is unsurprising that the FDA is urging healthcare facilities to switch from Hospira’s Symbiq Infusion System to alternative infusion systems “as soon as possible” considering its reported vulnerability. Information security professionals have been citing hypothetical examples similar to this case for years, exemplifying the new threat that many Internet of Things (IoT) devices pose: in this case, the threat to human health rather than mere data.

What is perhaps most worrying in this instance, however, is not that this vulnerability exists in a healthcare device but that it has been claimed that the security flaw has gone unfixed for over a year. It is essential that the IoT security is looked at holistically to ensure that the devices, as well as their mobile and web applications and back-end cloud services, are built securely by default. Security should not be treated as a bolt-on, or we risk not only putting sensitive information in jeopardy but potentially opening ourselves up to physical harm.[su_box title=”About Veracode” style=”noise” box_color=”#336588″]veracodeVeracode is a leader in securing web, mobile and third-party applications for the world’s largest global enterprises.  By enabling organizations to rapidly identify and remediate application-layer threats before cyberattackers can exploit them, Veracode helps enterprises speed their innovations to market – without compromising security.Veracode’s powerful cloud-based platform, deep security expertise and systematic, policy-based approach provide enterprises with a simpler and more scalable way to reduce application-layer risk across their global software infrastructures.Veracode serves hundreds of customers across a wide range of industries, including nearly one-third of the Fortune 100, three of the top four U.S. commercial banks and more than 20 of Forbes’ 100 Most Valuable Brands.[/su_box]

EMEA CTO
Veracode
Expert Comments : 8
Security Articles : 3

EMEA CTO
Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x