Modern technology expands into various areas of our lives all by its own. Medical facilities also use networks and networked devices. This makes sense since monitoring vital signs creates data you want to transport to your staff. Regardless of the technology used, once you expose the device to the outside world it needs to be hardened against tampering and abuse. The U.S. Food and Drug Administration (FDA) is aware of this issue and has published a recommendation regarding the security of medical devices.
„…manufacturers and health care facilities take steps to assure that appropriate safeguards are in place to reduce the risk of failure due to cyberattack, which could be initiated by the introduction of malware into the medical equipment or unauthorized access to configuration settings in medical devices and hospital networks…”
At DeepSec 2013 Florian Grunow presented his results found by hacking medical devices. We especially recommend Florian’s talk to anyone working with these devices or designing them.