An official at the US Department of Veterans Affairs has testified before Congress that malware-infected medical devices are to blame for security compromises in VA systems.

As recently reported in InformationWeek, protecting medical devices from cyber threats has become one of the department’s “critical challenges,” according to assistant secretary for information and technology Robert Baker.

The major challenge with securing medical devices is that, because their operation must be certified, the application of operating system patches and malware protection updates is tightly restricted…. This inherent vulnerability can increase the potential for cyber attacks on the VA trusted network by creating risk to patient safety.

The VA states that not only do these security compromises have the potential to diminish the quality of patient care, but that the process of cleansing malware-infected devices has proven extremely costly. Over 122 VA medical devices have been infected with malware during the last 14 months and these attacks have occurred despite extensive preventative measures implemented last year. The department of Veteran Affairs is currently working to ensure that their more than 50,000 medical devices are equipped with isolation architecture by the end of 2010.