CASE STUDY 511 Vulnerabilities of Medical Devices Medicaldevices that are controlled by computer software- from heart monitors and pacemakers to mammogram and X-ray machines-are new targets for computer viruses and malware. This could put patients at risk, although no inju ries or deaths have been reported so far. The U.S. Food and Drug Administration (FDA) is warning the manufacturers of medical devices about the problem and is requesting them to review the parts of their security plans that are related to these devices when they seek approval from the 116 PART ONE Fundamentals of information Systems government agency. In October 2016, Johnson & Johnson warned patients that use its insulin pumps to exercise caution, as it had learned of a security vulnerability that a hacker could exploit to overdose diabetic patients with insulin, although the risk is low." A Department of Veterans Affairs (VA) report has shown that 327 devices at VA hospitals have been infected by mal- ware since 2009. In January 2010, a VA catheterization labo ratory was temporarily closed due to infected computer verstuttu MM equipment that is used to open blocked arteries. And in a case at a private Boston Hospital, computer viruses exposed sensitive patient data by sending it to out- side servers. The increased applications of electronic record systems as a part of the 2009 stimulus package is adding to this risk. A In addition to privacy issues, hackers can change patients' medical records and treatment plans. If the system does not have a strong login access, some patients can access a system and alter their own medications, such as those taking narcotic substances. Hackers could use Shodan, a search engine for locating Internet connected devices, using terms such as "radiology" and "X-ray". Manufacturers must improve the security features of these devices, making them more difficult for hackers to break into. And there needs to be close coordination between the manufactur- ers and healthcare pro- viders to further enhance security. Also, hospitals and medicalfacilities must make sure that all the software running these devices is up- to date and any updates have been installed. Finally, these devices must be blocked from internet access." Answer the following questions: 1. What are three examples of devices that could be attacked by computer viruses? 2. What are the risks related to using electronic health records in hospitals and medical facilities? 3. What are three pieces of advice for reducing the risk associated with using these devices