The FBI Highlights Medical Device Cybersecurity Concerns


The FBI released a study on active medical device cybersecurity vulnerabilities on September 13th. These vulnerabilities result from out-of-date software and obsolete hardware lacking security mechanisms.

If exploited, the vulnerabilities could affect patient safety, healthcare facility operations, data confidentiality, and data integrity. If hackers take control, they can instruct devices to provide false readings, deliver drug overdoses, or conduct other actions that risk the health of patients.

In its briefing, the FBI noted that a mid-year healthcare cybersecurity review discovered that equipment like pacemakers, intracardiac defibrillators, insulin pumps, and intrathecal pain pumps is susceptible to intrusions. According to the FBI’s release, common difficulties include the use of standardised settings, specialised configurations, having a sizable number of managed devices on a network, and the impossibility of enhancing device security features.

The organisation claims that 40% of medical equipment near the end of its useful life offers little to no security fixes or upgrades, and that research has discovered an average of 6.2 flaws per medical device.

The updated briefing is available to assist healthcare IT managers in taking action to recognise and secure devices and increase employee knowledge through training in risk mitigation. It evaluates:

  • Endpoint security
  • Management of access and identity
  • Asset management
  • Vulnerability control
  • Training to lessen the dangers related to employees

Additionally, the FBI requests notification of any suspicious or illegal event involving medical devices through regional field offices, including the name and contact details of the organisation; the date, time, and location of the incident; the nature of the incident; the number of victims; and the type of equipment involved.