Here's how. Download an unsigned .EXE file from Philips Medical.
What could go wrong? Don't worry because a 2009 FDA MAUDE adverse event report on a different product explains that "Philips Medical Systems is not responsible for ... the integrity of the ... system infected with a computer virus." The MAUDE report seems to conflict with the spirit of Philips Medical's own product security policy. Philips Medical deserves kudos for writing a security policy document; not too many medical manufacturers can claim to have a policy on software security. However, Philips Medical may wish to hold off on claims of having "security designed in" if the same document later says:
In many of our products, we provide you with a controlled update repository to reduce the risk of equipment outage due to unauthorized or faulty anti-virus signature updates.Many? Many is a euphemism for we're sorry that we cannot quantify our cybersecurity preparedness. There is a diffusion of responsibility between hospitals and manufacturers that leads to certifiable finger pointing over security of medical devices. It has already been almost a decade since Philips discussed the problem of medical device security. Let's hope that achieving reasonable medical device security doesn't take as long as it took physicians to accept the advice of Semmelweis et al. on the importance of hand washing. That was 1847. And hand washing is still a problem.
No comments:
Post a Comment
All comments are moderated to prevent spam, so please pardon the delay while our anti-spam team looks at incoming messages.