US government officials are concerned that medical equipment is becoming riddled with malware. The malware infections can clog patient-monitoring equipment and other software systems.
So far no one has died because the equipment is bugged, but Kevin Fu, a leading expert on medical-device security and a computer scientist at the University of Michigan and the University of Massachusetts, Amherst said the problem is getting worse. Malware slowed down fetal monitors used on women with high-risk pregnancies being treated in intensive-care wards.
Part of the problem is that software-controlled medical equipment has become increasingly interconnected and systems run on variants of Windows. They are usually connected to an internal network that is itself connected to the Internet. They are also vulnerable to infections from laptops or other device brought into hospitals.
Unlike the IT market, medical-device makers are refusing to allow their equipment to be modified, even to add security features. Beth Israel Deaconess Medical Center in Boston, 664 pieces of medical equipment are running on older Windows operating systems that manufactures will not modify or allow the hospital to change—even to add antivirus software—because of a row over whether modifications could run afoul of US Food and Drug Administration regulatory reviews.
What is scary is that the newer systems are based on Windows XP which have better protections, but Microsoft will tell you that Windows XP is not exactly safe any more.