By Adam Garber

Philadelphia— Patients and health care providers expect equipment to be secure and operate as expected. But the U.S. Food and Drug Administration (FDA) is now warning health care providers and consumers that some monitors for blood pressure, heart rate, temperature and patient status contain cyber security vulnerabilities.

The devices are generally used for central monitoring stations such as a nursing station at larger care providers and hospitals. If exploited, the flaw would allow someone to “silence alarms, generate false alarms and interfere with alarms of patient monitors connected to these devices.”

No adverse effects due to this flaw are known. A new safety patch from GE will is forthcoming to fix the problem. Patients can discuss equipment use with their hospital to ensure they are taking the proper security actions to prevent hacking. However, such patches can be difficult to deploy. They often require action by the user, such as the patient in the case of in home care.

Its not the first time the FDA has warned about potential cyber security issues with medical devices. In 2018 the agency noted the growing internet of things posed real risk for medical and health care devices and announced plans to create a “go-team” that quickly be deployed when issues were suspected or to help confirm compromised data. This CyberMed Safety Analysis Board (CYMSAB) would be a public-private partnership that includes hardware, software, networking, biomedical engineering, and clinical experts.

In addition, FDA requested more authority to require medical equipment manufacturers to improve the patchability of medical equipment and ensure hospitals work with security researchers when problems are identified.