On Tuesday, the FBI issued a report offering recommendations to address a number of cybersecurity vulnerabilities in active medical devices stemming from outdated software, as well as the lack of security features in older hardware.
Once exploited, the vulnerabilities could impact healthcare facility operations, patient safety, data confidentiality and data integrity. If a cyberattacker takes control, they can direct devices to give inaccurate readings, administer drug overdoses or otherwise endanger patient health.
The FBI noted in its briefing that a mid-year healthcare cybersecurity analysis found that equipment vulnerable to cyberattacks includes insulin pumps, intracardiac defibrillators, mobile cardiac telemetry, pacemakers, and intrathecal pain pumps.
Routine challenges include the use of standardised configurations, specialised configurations – including a substantial number of managed devices on a network – and the inability to upgrade device security features, according to the FBI's announcement.
The agency further adds that research has found an average of 6.2 vulnerabilities per medical device and that 40% of medical devices at the end-of-life stage offer little to no security patches or upgrades.
Source: Healthcare IT News, 13 September 2022