Share

Related Stories

Top 5 Stories

News

FDA warns about software flaws in medical devices

21 June 2012

The US Food and Drug Administration (FDA) has found that software flaws in medical devices are leading to compromises of those devices.

“Many software platforms lack robust code validation”, FDA’s Office of Science and Engineering Laboratories (OSEL) said in its 2011 annual report. “In medical devices that contain software, it can be extremely difficult to assess if a firm follows their processes for design controls, especially in the areas of validation, risk/hazard analysis, and design changes”, the report said.

For example, software flaws caused around 24% of medical device recalls at one medical device manufacturer’s facility in 2011, according to an OSEL inspection team.

The inspection team found customer complaints about incorrect or missing patient results in a laboratory information system, and incorrect or missing notifications to clinicians that test results were out of range. "These types of failures can directly lead to patient harm or death if inappropriate drug dosing (too little or too much) or clinical decisions are made based on incorrect information”, the report warned.

Recently, the viasystemshealthcare.com website, which provides software updates for CareFusion’s medical devices, was apparently compromised for two months, according to an analysis by Clean MX cited by Paul Roberts of Kaspersky Lab’s Threatpost blog. CareFusion makes Alaris-brand infusion pumps and AVEA, AirLife, and LTV series ventilation and respiratory products.

The Clean MX analysis of viasyshealthcare.com suggested that the site was redirecting visitors to a web domain, gbfhju.com, which was among those used by the "LizaMoon" gang to serve up malware to unsuspecting web surfers, Roberts noted.

Roberts said the viahealthcare.com website was offline on Monday, and it remains offline as of Thursday afternoon, based on Infosecurity research.

This article is featured in:
Application Security  •  Malware and Hardware Security  •  Wireless and Mobile Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×