We talked about WannaCry. Medical device vulnerabilities are no way theoretical. Fool doctors hacked is not exactly light matter for patient’s data privacy and security of the hospitals. Orthopaedics, Dentistry is working and progressing on technical matters since Hippocrates era but that is not the way problems can be solved. Medical devices, imaging etc has existing IEEE, ISO standards.
Astonishing Spectrum Of Medical Device Vulnerabilities
Researcher Billy Rios found that there are drug delivery pumps which does not need any authentication and fully proprietary, that simply means not difficult backdoor but anyone who can access a hospital’s network possibly can change the dosage. At worst, there are actually Libre Hardware aka F/OSS projects on drug delivery pumps. Indeed we demonstrated simple Arduino infusion pump. That means engineering students to DIY enthusiasts are working but so called heart experts, medicine experts do not care.
Let us come towards our image expert radiology department. MRI machines reported to be hacked in some US hospital. There is serious Libre Hardware project on F/OSS USG machine as well as other imaging. Radiologists commonly blame these F/OSS projects for “scanning own babies at home”. But they apparently have no headache about cost of proprietary machines, their non-compliance to standards set by Free Software Foundation.
A catheter lab in the US was temporarily made shut down when malware was discovered on the computer associated cardiac surgery. Obviously these are just few examples.
Who Will Bear The Liability Of Breech Out Of Medical Device Vulnerabilities?
Of course the treating doctors. Being doctor was never an easy work. Otherwise medical science becomes like homeopathy.
Free Software Foundation actually has some softwares related to health like GNUHealth, indeed there are full distribution like DebianMed. If only the medical websites are talked about, possibly 50% will not get A+ on SSL Labs tests.
If a patient’s data get stole out of radiologist’s ignorance, that should be a negligence. Whole earth expects doctors like René Laennec, Hugh Owen Thomas like doctors who understand acoustics, mechanics etc (at minimum like me who can code some lines, run NSE scripts to test WordPress lol).
Whole earth’s developers know Free Software Foundation, Richard Stallman, Edward Snowden as reliable persons to save from Governmental data theft. Where from FDA become expert around hardware, software matters? FDA also allowed Rofecoxib pill, which killed few thousands (or millions). We understand what FDA is doing :
But if FDA arrange to steal data like NSA?
They are fool or N00b can not be a reason not to use GNU/Linux or get patient’s data stolen. They have to fix their pacemakers to whatever. There are lot of Biomed, ECT, Material Sciences engineers work with orthopaedics peoples, we will manage our things but if those “cardiologists” do not allow Biomed, ECT and Libre Hardware, how it is possible to get safer F/OSS patient monitors?