The United States Food and Drug Administration (FDA) has issued a warning to hospitals and healthcare facilities across the country over a security vulnerability in the Healthcare Clinical Information Central Stations and Telemetry Server models from General Electric.
The devices are primarily used by hospitals to help monitor patients’ vitals and other health information, including their blood pressure and heart rate. In a note published earlier this week, the agency urged every facility using the tools to be wary of a bug, which could grant hackers remote access to them.
— Engadget (@engadget) January 24, 2020
Defects Could Lead to Wrong Readings
The telemetry servers are usually placed within the nurse’s bay or at any other central location at the hospital. In its note, the FDA explained in its warning that these tools have a significant security flaw that could allow malicious parties to take control of the devices and manipulate operations.
As the regulator explained, a corrupted device could easily be manipulated not to report signs of an impending cardiac anomaly, thus endangering a patient’s life. The devices could also be trained to make false alarms and readings, which could be deadly for patients and unnecessarily costly for hospitals.
While both General Solutions and the FDA have confirmed that no fatal situations have come from this security flaw, they also urged hospitals to take the devices off their networks as a precaution. The agency confirmed that GE notified hospitals and healthcare facilities about the vulnerability last November. They also provided details for remedying the situation and getting a patch when the time comes.
Extra Policing for Health and Wellness Devices
The FDA has taken a particularly principled stand against technology being used in the healthcare space, mainly due to the reliance of healthcare practitioners on them. While companies have been quick to issue patches for security flaws also, pushing the patches onto the devices has been somewhat challenging. This is due to the process, which requires manual installation most of the time.
— Osagune (@osagune) September 18, 2019
Earlier this week, the agency gave regulatory clearance to VivaLINK, a Silicon Valley company that’s been developing a multi-vital patch and a software development kit. As the company noted, the patch is stuck to the skin and can detect RR interval, heart rate, patient movement, and cardiac arrhythmias such as atrial fibrillation. The tool comes with the electric components of an ECG, and accelerometer, a battery, and more.
It is also reusable, which will make it a great choice for less opulent cardiologists, as most wireless cardiac monitors with its functionalities tend to be more single-use.
Images are courtesy of Shutterstock, Twitter, Pixabay.