TrapX, a security company that specializes in medical device attacks, outlined how these attacks occur in a report titled “Anatomy of an Attack: MedJack” in May of 2015. In this report several case studies are examined in detail. In the first case study, malware was inserted on a blood gas analyzer. Continue reading
What cybersecurity threats are happening right now involving medical devices? In a word – malware. TrapX, a security company thoroughly examined three hospitals for the presence of malware. The results were astounding. They found malware in X-ray equipment, blood gas analyzers, CT scanners, and ventilators, as well as infusion pumps. Continue reading
In 2011, at a hacking convention known as Black Hat, a security researcher and insulin pump user demonstrated how he could remotely disable and modify his insulin pump over a wireless connection using inexpensive and readily available equipment.
In 2012, another security researcher demonstrated how he could capture and reverse engineer wireless communication from an Implantable Cardioverter Defibrillator (ICD) and cause the device to deliver a lethal shock to the heart. Continue reading
Many hospitals have started the ISO 9001 journey. This journey probably started because the hospital wanted a fresh and new approach with their accreditation. For the first time a hospital could begin to decide how they would meet requirements and not have to abide by a prescriptive way of doing things. Continue reading
This past week, Centers for Medicare and Medicaid Services (CMS) identified 758 hospitals that have high rates of patient safety issues. As a result, their 2016 Medicare reimbursements are being reduced by 1%. This is the second year for this federal mandate and there are over 400 (over 50%) repeat hospitals. The CMS program is entitled “Hospital-Acquired Condition Reduction Program”. The name alone is very telling. Continue reading