on tuesday, youThe FBI issued a report that offers recommendations to address a number of cybersecurity vulnerabilities in active medical devices stemming from outdated software, as well as the lack of security features on older hardware.
Once exploited, the vulnerabilities could affect healthcare facility operations, patient safety, data confidentiality, and data integrity. If a cyber attacker takes control, he can direct the devices to give inaccurate readings, administer drug overdoses, or otherwise patient’s health in danger.
The FBI noted in its report that a midyear health care cybersecurity analysis found that equipment vulnerable to cyberattacks includes insulin pumps, intracardiac defibrillators, mobile cardiac telemetry, pacemakers, and intrathecal pain pumps.
Routine challenges include the use of standardized configurations, specialized configurations, including a substantial number of managed devices on a network, and the inability to update device security features, according to the FBI announcement.
The agency further adds that research has found an average of 6.2 vulnerabilities per medical device and that 40% of end-of-life medical devices offer few or no patches or security updates.
The new report is available to help healthcare IT managers identify and protect devices and increase employee awareness through risk mitigation training. Check out:
Identity and access management.
Training to help mitigate risks associated with employees.
The FBI also requests that it be notified through local field offices of suspicious or criminal activity involving medical devices, including organization name, contact; the date, time and place; the type of activity; the number of people affected; and the type of equipment.
Andrea Fox is a senior editor for Healthcare IT News.
Healthcare IT News is published by HIMSS.