Triclosan, Still

May 21, 2013

I’ve written here a number of times over the past couple of years (most recently here) about triclosan, an anti-bacterial and anti-fungal agent that is used in a wide variety of consumer products, including anti-bacterial soaps, toothpaste, deodorant, mouthwash, other cosmetic products, and household cleaning supplies.   The US Food and Drug Administration [FDA] has been conducting a safety and effectiveness review of triclosan for some time now. The review was originally scheduled to be released in April, 2011; last summer, it was promised by the end of the year (2012).  We’re all still waiting.

The Singularity Hub site has an article on this ongoing saga.  It gives a bit more of the history: the FDA issued draft guidelines in 1978, which classified triclosan as “not generally recognized as safe and effective”.  Since the guidelines were never finalized, nothing changed.

The FDA has not given an updated timetable for the release of its review.

Triclosan Again

May 5, 2013

The Yahoo! News site has an article from the Associated Press [AP] about the US Food and Drug Administration’s [FDA] ongoing review of triclosan, an anti-bacterial and anti-fungal agent that is used in a wide variety of consumer products, including anti-bacterial soaps, toothpaste, deodorant, mouthwash, other cosmetic products, and household cleaning supplies.  The FDA’s original goal was to release the results of this review in April, 2011; clearly they are a bit behind schedule.   (According to the article, the results should be released later this year — or, at least, real soon now.)  Triclosan does have one use explicitly approved by the FDA: it is used in some toothpastes to help prevent gingivitis.  Its other uses have not, as far as I know, been subject to any formal approval process.

I’ve written here a couple of times before about the use of triclosan.  It is suspected, based on animal studies, of being an endocrine disruptor, boosting the effect of testosterone and estrogen, and reducing that of thyroid hormones.  Another animal study, reported last summer, suggests that triclosan can interfere with muscle function.   What is most striking, though, is that, for its main use, as an anti-bacterial agent in consumer products, there is essentially no evidence that it has any value at all.  As the FDA website, and other publications, have said for some time:

For other consumer products, FDA has not received evidence that the triclosan provides an extra benefit to health. At this time, the agency does not have evidence that triclosan in antibacterial soaps and body washes provides any benefit over washing with regular soap and water.

This is not to diminish, in any way, the importance on washing in  general, and washing ones hands in particular.  (The Centers for Disease Control have resources on hand hygiene.)  But, as the FDA’s note suggests, the evidence suggests  that ordinary soap and water work just fine.  As I wrote in an earlier post:

My own conclusion is that, since I have seen no evidence that these anti-bacterial products provide any benefit, and since there may be some risk, they are not worth using, especially since they cost more than plain old soap.

Apart from the possible negative effects of any particular chemical, there is a general argument for not using anti-microbial products indiscriminately.  There is a possibility that excessive usage may contribute to antibiotic resistance, and there is also a risk of disrupting the normal population of microbes that are part of our personal biosystems, which can lead to serious health problems.  It hardly seems worth much risk to use something, like triclosan, that in most cases doesn’t seem to work anyway.

Virus-Infested Hospitals

October 20, 2012

Most readers, I suspect, will have run across news stories or other reports of nasty infections sometimes acquired by hospital patients.  According to a report at Technology Review, there is another worrying category of infection proliferating in hospital environments: computer virus infections of medical equipment.

Computerized hospital equipment is increasingly vulnerable to malware infections, according to participants in a recent government panel. These infections can clog patient-monitoring equipment and other software systems, at times rendering the devices temporarily inoperable.

The advent of the microprocessor and Moore’s Law has meant the introduction of digital technology, often replacing electro-mechanical control systems, in everything from toasters to “fly-by-wire” aircraft.  It should come as no surprise that many medical devices are now controlled by software as well.  This of course means that all the problems of software, including program bugs, security vulnerabilities, and malware, are part of the package.  Also, as with industrial control [SCADA] systems, the undoubted convenience of linking these devices to a network provides a convenient vector for malware infections.  (The direct connection may be to an internal network, but there is often a path to the Internet lurking somewhere in the background.)  In addition, hospital personnel, like workers in other fields, bring in personal laptops, USB memory sticks, and other devices, sometimes with some undesirable extras.

Another difficulty with medical equipment is also reminiscent of the SCADA case.  For obvious reasons, the vendors and users of these devices place a high value on availability — the machine should be ready for use whenever it is needed.  This means that scheduling downtime for, say, installing software patches is not popular.  In addition, some manufacturers do not allow any modifications to their equipment or its software, even to install security fixes.  This stems in part from the requirement that the devices have to be approved by the FDA; rightly or wrongly, some vendors believe that installing such fixes might require the device to be re-certified.

In a typical example, at Beth Israel Deaconess Medical Center in Boston, 664 pieces of medical equipment are running on older Windows operating systems that manufactures will not modify or allow the hospital to change—even to add antivirus software—because of disagreements over whether modifications could run afoul of U.S. Food and Drug Administration regulatory reviews, Fu says.  [Prof. Kevin Fu, associate professor of computer science at the University of Massachusetts, Amherst]

These security issues were the focus of a meeting last week of the Information Security & Privacy Advisory Board at the National Institute of Standards and Technology [NIST].   Prof. Fu was one of the attendees, as was Mark Olson, Chief Information Security Officer at Beth Israel Deaconess Medical Center in Boston MA.

At the meeting, Olson also said similar problems threatened a wide variety of devices, ranging from compounders, which prepare intravenous drugs and intravenous nutrition, to picture-archiving systems associated with diagnostic equipment, including massive $500,000 magnetic resonance imaging devices.

Hospitals have not, historically, had to focus very much on computer security.  With today’s equipment, though, they have become security administrators whether they like it or not.  As with SCADA systems and many others, there is some catching up to do.

%d bloggers like this: