FDA Wants Medical Devices To Have Mandatory Built-In Update Mechanisms (bleepingcomputer.com) 96
Catalin Cimpanu, writing for BleepingComputer: The US Food & Drug Administration plans to ask Congress for more funding and regulatory powers to improve its approach towards medical device safety, including on the cybersecurity front. An FDA document released this week reveals several of the FDA's plans, including the desire to force device makers to include mandatory update systems inside products for the purpose of delivering critical security patches.
In addition, the FDA also plans to force device makers to create a document called "Software Bill of Materials" that will be provided for each medical device and will include software-related details for each product. Hospitals, healthcare units, contractors, or users will be able to consult the medical device's bill of materials and determine how it functions, what software is needed for what feature, and what technologies are used in each device.
Comment removed (Score:5, Insightful)
Re: (Score:3, Funny)
Re: (Score:2)
data roaming at Health Care Prices (Score:2)
Say
in market (small area) $1/meg
out of market (In state) $5/meg
out of market (out of state) $10/meg
Canada / Mexico fringe roaming $11/meg
Canadian roaming $20/meg
Other $50/meg
Cell at sea $60/meg
----
In Lockup free to you
Re: (Score:2)
But wait, there's more!
Think about the user experience when Facebook gets real time bio metric feedback on your response to ads!
So much service improvement, so many ads that we KNOW that you'll just love seeing!
Re: (Score:2)
I think he has bullet points.
Re:Nice try (Score:5, Insightful)
I find it telling that Dick Cheney's pacemaker was replaced with a unit that had all of the RF functions disabled during his tenure as VP.
That tells me two things.
1. He still has some biological components left.
2. I do not want wireless interfaces on my medical devices.
Re: (Score:3)
You have it backwards, the pacemaker was kept and the rest of Dick Cheney replaced. Now he's more of an automaton...well, more so than before.
Re: (Score:3)
Nonsense, since 2012 when Dick Cheney had a heart transplant we can finally say with certainty that he has a human heart.
Of course, it was once somebody else's.
Re: (Score:1)
Where in TFA does it talk about implanted devices? I got the impression they were talking about external things (i.e. glucose meters, etc.).
So then: if my device (in fact a glucometer) doesn't connect to the internet it shouldn't need security patches. BUT if they make it mandatory for the firmware to be able to receive updates and patches then I'll HAVE to connect to the internet and be exposed to all KINDS of breach attempts and evildoers so I'll definitely NEED those patches to thwart THEM. Yah?
Re: (Score:2)
Have you ever heard of public key cryptography? https://en.wikipedia.org/wiki/... [wikipedia.org] If the manufacturer can keep their private key secret, then only they could push an update. Of course this requires hardware beefy enough to handle either ECC or RSA calculations in a reasonable amount of time... Yeah, this also assumes that they do the cryptography properly (which can be harder than it sounds).
A
Re: Nice try (Score:1)
Re: (Score:2)
That's a great idea! (Score:2, Insightful)
All those medical device manufacturers have so much know-how on what to do (digital signatures, encrypted communications), let's add firmware update to the list. They can call it "secure firmware update" (because the protocol is secret, which makes it secure!). Well no, scrub that, simply make it illegal to hack devices, much cheaper than security...
Inb4 a mandated update mechanism gets compromised. (Score:5, Insightful)
The only thing that scares me worse than insecure proprietary bullshit that can kill people is people who don't understand technology trying to legislate insecure proprietary bullshit that can kill people.
Not necessarily good (Score:5, Insightful)
I'd rather have a device with no external connectivity than one that has external connectivity because one is needed by the upgrade mechanism.
That just adds a vector for attack where there was none.
Re: (Score:2)
I remember back on win XP getting updates that, among other things, would break networking. Awesome, because you couldn't download the next update that fixed or undid the shit update.
Thankfully there was a way to roll back to a prior state - "restore points" I think they were called.
It'd be a bit more than an inconvenience for something your life depended on.
Re: (Score:1)
They need to have some wireless communication in order to provide the doctor with telemetry. A pacemaker will record the heart's natural rhythm then apply its own signal, plus it needs to be able to be reprogrammed to the correct range of speeds. Then once you have that information and data transfer method, firmware updates become possible. But those have to be secured. The doctor might store all the passwords/keys on a computer/server in the treatment room.
Re: (Score:2)
Also, adjustment of pacemakers has been done for several generations now - with a couple of screws. It's a tiny incision that doesn't even require a stitch. And it's pretty much hack proof.
If anything, wireless adjustments mean more surgery, because the battery will run out much faster.
(An Apple iPacemaker would presumably need recharging every night...)
MS active hours (Score:1)
It's too bad that you need this to be up 20 hours a day, as the max you can set active hours to is 18 or 12 (Server 2016). Too bad, and read the EULA: we don't have to do shit.
About time (Score:4, Insightful)
the desire to force device makers to include mandatory update systems inside products for the purpose of delivering critical security patches.
First of all, why does every damn thing have to be able to connect with your phone/internet. Unless there's a damn good reason, I don't know why you would want to introduce security holes in a device that is keeping you alive. I suppose it's convenient to have your pacemaker app on your phone giving you live updates about how well it's working so you can post it to Facebook or something. But not if it means that anyone within range can turn the thing off, or cause it to malfunction.
Any manufacturer that has released a device that a malfunction could cause a lethal event with wireless access with a hard coded password should be fined a lot. And pay for whatever surgery and device is needed to remedy this. Additionally, they should pay the patients for their time and recovery. Just how incompetent are people that make these things? Gee, WiFi and Bluetooth. No one would ever think to try to connect to something like that. I mean seriously, hard coding "1234" or "password" on an implanted defibrillator or an insulin pump?
Re:About time (Score:5, Insightful)
Unless there's a damn good reason, I don't know why you would want to introduce security holes in a device that is keeping you alive.
The only reason you would need a "critical security patch" is if there were some way of hacking into the device remotely. For most devices the only way people could hack into them remotely is through the new external connection that allows critical security updates.
You create a solution for a problem created by the solution. My head hurts.
I suppose it's convenient to have your pacemaker app on your phone giving you live updates about how well it's working so you can post it to Facebook or something. But not if it means that anyone within range can turn the thing off, or cause it to malfunction.
Sending data TO an external monitor does not require receiving data FROM an external device. I have a half a dozen wireless weather sensors around my house that don't receive a single bit of data via radio, but they repeatedly send data out. Your pacemaker could do the same kind of thing.
3rd party systems in a hospital with old OSes (Score:2)
3rd party systems in a hospital with old OSes that don't get updated is the real issue.
Re: (Score:2)
3rd party systems in a hospital with old OSes that don't get updated is the real issue.
If they don't have a way to hack into them, then adding an update mechanism for security patches creates a mechanism to hack into them. If you can install a patch to stop hackers via a USB stick or WiFi, for example, then hackers could install something else using a new exploit in the update system. The age of the OS doesn't matter if nothing from outside can change it.
I have a glucose meter. It has a connection to dump data to a computer. That connection is probably bi-directional since the computer can a
Re: (Score:1)
Pacemakers are not just a set electric shock on a set interval timer. The size and profile of the shock is tunable to respond to the patient's individual heart condition where the adjustment is different for every person. And they have to react differently depending on the behaviour of the patient. Is their heart rate increasing because they're running or having a heart attack? How it responds is important, and if it gets it wrong the person could pass out or die. If the software making that decision is fou
Re: (Score:2)
Pacemakers are not just a set electric shock on a set interval timer.
I know what pacemakers do.
If the software making that decision is found to have a bug, then yes there's a good reason to issue a critical software patch that's not just to prevent hacking.
That is not a critical security update. It is a flaw that should have been caught before approval.
You want to avoid surgery if at all possible so it makes a lot of sense to be able to make updates.
You do realize that there are systems already designed that have external wired connections, which would require physical access to the device to hack into? Maybe not. Not every medical device needs wireless, and thus at-a-distance, access.
The pacemaker also makes for a very good data logger to monitor both the device and the patient's condition. The doctors can download valuable information from such a device to inform their choice of ongoing treatment.
As I already said, OUTPUT of data does not require an external interface for INPUT to the device. It could be as simple as a reed switch that a mag
Re: (Score:3)
Re:About time (Score:5, Interesting)
As someone with a close family member who has a phone-connected life-critical medical device, let me elaborate on what exactly it is doing.
First off, the user has direct access to statistical health information in real time. This before used to be quite the costly process with throw-away testing supplies. These throw-away supplies previously would only be used maybe once or twice a day, even though health conditions can fluctuate in a few minutes' time.
Secondly, the logged data can be reported back to medical professionals. What would you rather have, someone untrained in medicine trying to awkwardly describe how they felt at some random particular moment in time, or having true raw data from that particular experience?
And just because a device is network connected and the device is life critical doesn't mean that the person can instantly die from wrongdoing. In this particular case, if the device was entirely shut off, the person would still survive a few days and would notice the effects within a couple hours and seek medical attention. With the device at full blast, the results would be similar. So at worst, a hacker could potentially make this person feel ill and go see a doctor, which is the exact same case that this person would experience if they were to treat themselves manually (the way things were done before) and messed up on accident.
Re: (Score:3, Insightful)
Agreed, but for the situation you described, you only need one way communication.
I've read about the security (or lack thereof) on some pain pumps and implanted defibrillators. Having some sociopath getting remote access to someone's ICD could be more than a minor inconvenience.
Re: (Score:1)
Having some sociopath get ahold of a pair of scissors to stab you in the chest would also be bad. I don't see anybody proposing that access to scissors be restricted.
Except stabbing someone with scissors is likely to be noticed. If you log in to someone's defibrillator and light it up a couple of times, there's a pretty good chance they won't get caught. Or causing a pain pump to deliver all of its medication at once. Hell, the manufacturer may even wipe the logs so they don't get caught for having no security on the device.
Re: (Score:2)
Most medical pumps that I'm aware of have built-in mechanisms to prevent the situation you're describing. Manufacturers understand that delivering all of a drug at once is pretty much the best way to kill a person. Since their goal is the opposite of doing that, they tend to put safeguards in their medical devices to prevent that.
While 0 rate or max rate might adversely affect the patient, in general, it won't kill them instantly. Plenty of time to rectify the issue and seek medical treatment.
Are you unaware t
Re: About time (Score:1)
Re:About time (Score:4, Insightful)
Why does every damn commenter have to go off on a "connected to the internet" sidetrack when the article mentions no such thing?
Re:About time (Score:5, Funny)
Yes, I'm sure the updates will be obtained via Ham Radio. Fucking idiot.
Re: (Score:2)
The only thing worse than an asshole is an ignorant asshole.
Re: (Score:2, Insightful)
Probably because, like fridges, toasters, light bulbs, etc., there's no good reason for them to be internet-connected, but over time someone -- a device maker or some third-party they source some component from -- will decide that it'd be more convenient for them if the devices were internet-connected and it'll likely "just happen" because "meh, what's the worst that could happen?"
Re: (Score:1)
Why does every damn commenter have to go off on a "connected to the internet" sidetrack when the article mentions no such thing?
Agreed. Furthermore, why does every damn poster post about implantables? The term "medical device" covers a broad range of products.
For example, when you visit your GP and get your blood tested, your blood is sent off to a lab where the machine used to conduct those tests is also a medical device, regulated by the FDA (in the US at least, but the FDA has influence in many other jurisdictions). Many of those devices by the way run Windows. Yes, Windows. Usually at least one embedded system too, to handle h
Re: (Score:1)
Agreed. Furthermore, why does every damn poster post about implantables?
Because if your implantable device gets pwnd, there's nothing you can do. An external device can be disconnected or disabled without the need for surgery. If your implanted defibrillator starts shocking the shit out of your heart or a pain or insulin pump runs until it's empty there's not much you can do.
Re: (Score:2)
I can understand the need to update a device, certainly for discovered faults. I have a hard time thinking updates are going to be done in realtime while the device is functioning. Say you are on the phone and an update occurs, "Hey fella, I'll need to call you back. An update just bricked my pacemaker."
3rd party vendors must let hosblesm (Score:2)
3rd party vendors must let hospital have full os update control and no forced open 24/7 links to the outside.
FDA confirmed for out-of-touch, tech-ignorant (Score:5, Insightful)
Re: (Score:2)
Re: (Score:3)
Imagine getting an email from the attacker: "Send us 100 Bitcoins, or we'll stop your heart."
Imagine getting that email every few months for the rest of your life.
Re: (Score:2)
I could see maybe using NFC for certain devices. Go to your doctor to have an update applied from inches away, but wi-fi or other long range comms is just begging for a disaster.
NFC would still be problematic, since someone on the bus or bumping into you on the street could still get close enough to interface.
In general, I think you do need a physical interface that requires some kind of surgical day procedure to update.
Re: (Score:2)
They should require physical access to the device, NEVER wirelessly.
Physical access to a pacemaker...
I do not think this means what you think it means...
Re: (Score:2)
"The same gov't that runs the DMV" The DMV is run by your state government. Instead, this is the federal government, ya'know, that one that has the NSA running a global spying operation that went undetected for years. Don't worry. They're not spying on your medical data too!
Hospital staff will fail to keep up (Score:1)
My worry is that vendors of devices update the software for equipment that requires training. An OTA update WILL change how a device works.
Hospital staff may or may not notice, and then even if they notice, who has time to figure out which devices have changed their behavior.
Nothing in the article says "remote" updates (Score:5, Insightful)
The article makes no mention of remote updates, let alone wireless ones. A physical port inside the device (perhaps behind a locked panel) makes sense for most devices. If the device is already remotely accessible in any way (e.g. to allow a physician to plug into it and recover health data) then it potentially needs security updates. If not, then being able to apply a (suitably checked and signed) firmware update with a special cable may avoid the need for surgery and/or an expensive replacement device. Assuming they get the details right, this sounds sensible.
Re: (Score:2)
Re:Nothing in the article says "remote" updates (Score:4, Funny)
What could possibly go wrong??? (Score:2)
Re: (Score:2)
medical device manufacturers have some incentive to do actual engineering unlike Microsoft's clusterfuck of a QA system
Comment removed (Score:4, Funny)
Wrong Industry (Score:2)
cut that resistor and save! (Score:4, Interesting)
Not as good an idea as it seems (Score:1)
I worked for a medical devices company for a couple of years, one of the big players on the global stage, and I can tell you that before we worry about including methods for updating critical software issues, we need to first focus on getting companies to put patient safety back before profits and share price.
These are just examples that I personally saw. Let's just say for example that to go from an idea in someone's head to a finished product, it will require $1m and take 1 year if you give the lead engin
Re: (Score:2)
Trust me, this would be a good thing.
Whenever someone says "trust me", that's the last thing you want to do.
Update Tuesday (Score:2)
Re: (Score:2)
I wouldn't worry about that. Nothing will ever actually be upgraded.
Think about it: The firmware that the device is born with is FDA approved, at great expense. If the manufacturer discovers a bug and fixes it, then the fixed version is not FDA approved. Getting a renewed approval for a software modification is expensive, time-consuming and risky. Who's going to pay for that? Customers buy the cheapest thing that is approved anyway, and since the original firmware is approved, the manufacturer's salespeo
Lethal Injection update? (Score:1)
what could this hurt >>>update>>>
-Phone rings
IT: "IT how can I help you"
Doctor: "The medical devices are pushing all the medicine into the patients at once"
"Half are dead now"
IT: "have you tried disconnecting the intravenous tube from their skin"
Doctor: "you're missing the point"
IT: "I'm sorry to hear that, Let me transfer you to level 2 support"
IT L2: "I have remoted into the device and have turned down the dosage"
Doctor: "You do realize that patient has been dead for 15 min now"
IT L2: "I'
No thanks, I'll pass (Score:2)
Even at best, mandatory Windows updates are making me lose productivity at critical times. Quite a few times they crash. I don't want any of these in a pacemaker. I also don't want to have to walk in a Faraday cage if government or hackers are out to get me. Actually, keep all the radios off unless activated by means like a magnet that can not be easily faked from a distance.
Please wait ... (Score:2)
Windows is installing update 17/67. Please do not reboot your pacemaker or die during this process ...