Incident Response, TDR, Vulnerability Management

DHS investigates possible vulnerabilities in medical devices, report indicates

Citing an unnamed senior official at the U.S. Department of Homeland Security (DHS), Reuters reported on Wednesday that the agency is investigating roughly 24 cases of suspected vulnerabilities in medical devices and hospital equipment.

Other unnamed individuals familiar with the investigations told Reuters that the DHS' Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) is reviewing products that include an infusion pump from Hospira, Inc. and implantable heart devices from Medtronic, Inc. and St. Jude Medical, Inc.

Those sources are unaware of any incidents involving patients being attacked through these devices, but there is concern that attackers could remotely access the devices and potentially threaten lives, the report indicates.

In a statement emailed to on Wednesday, S.Y. Lee, a DHS spokesperson, wrote that ICS-CERT works directly with medical device manufacturers, health care professionals and facilities “to investigate and address cyber vulnerabilities,” but Lee did respond to specific questions regarding these investigations.

“DHS actively collaborates with public and private sector partners every day to identify and reduce adverse impacts on the nation's critical cyber systems,” Lee wrote in the statement.

Hospira, Medtronic and St. Jude Medical did not immediately return requests for comments, but will update this story as soon as new information is made available.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.