5 FBI Recommendations For Medical Device Cybersecurity

September 19, 2022 Ben Denkers

While medical devices are often designed for decades of use in hospitals, the software needed to run them becomes outdated more quickly. This results in devices running vulnerable software on healthcare networks, which can expose patients to physical and cyber threats.

In response to the threats facing medical devices, the Federal Bureau of Investigation (FBI) has released recommendations for the healthcare sector to bolster the cybersecurity of medical devices.

Consequences of medical device cyberattacks

Cybersecurity threats to medical devices can initiate a range of adverse effects. "On the extreme side, you have the scenario where a medical device compromise could directly impact patient safety and potentially be life-threatening," said Ben Denkers, Chief Innovation Officer at CynergisTek. "What could an attacker do if they took control of an insulin pump or pacemaker?"

While medical device takeovers have the potential to cause life-threatening consequences, many cyberattacks on medical devices lead to system downtime, rather than complete control of devices. "The most common consequence is healthcare organizations must deny service to the individual because the device no longer works or requires supporting infrastructure, which has also been compromised. Where time becomes a critical success factor in many medical emergencies, this can also have severe patient impacts," said Denkers.

To continue reading the full article click here.

About the Author

Ben Denkers is the CIO at CynergisTek where he is responsible for supporting growth, ensuring effective and efficient service delivery, and achieving the highest levels of client and employee satisfaction for CynergisTek’s security, privacy and compliance services. Denkers has nearly 20 years of experience in information security and consulting that includes markets such as finance, automotive, energy, manufacturing, and healthcare. With the threat landscape changing daily, this breadth of experience provides a unique perspective to the industry specific risks organizations face. He has been recognized for building, training, and optimizing team productivity. His strong focus on providing the operating framework, training, and development, and decisive leadership has empowered his teams to achieve tremendous success and drive business growth.
Follow on Linkedin Visit Website

Assessing the Security Risks of Emerging Tech in Healthcare

A host of cutting-edge technologies like A.I & nanomedicine contain the potential to revolutionize patient ...

Hackers have laid siege to U.S. health care and a tiny HHS office is buckling under the pressure

With a dearth of resources, the Office for Civil Rights is struggling with an overflowing caseload.

Insights Center

5 FBI Recommendations For Medical Device Cybersecurity

About the Author

Previous Article

Next Article

5 FBI Recommendations For Medical Device Cybersecurity

About the Author

Previous Article

Next Article

Most Recent Articles

Jon Moore considers how healthcare entities should address patient data risks when clinicians use ChatGPT or similar AI tools

This article shares some of the highlight results from Healthcare Innovation's annual survey, with analysis of the results by industry leaders and observers.

Hacking and business associate incidents dominated in 2022, foreshadowing the top risks and threats that will impact healthcare and their vendors this year

Jon Moore shares his predictions for 2023 cybersecurity supply chain risk

Jon Moore discusses cybersecurity supply chain risk and the actions that organizations should take in order to properly implement and prepare for new technology.

Dave Bailey shares 2023 predictions in healthcare cybersecurity including ransomware, supply chain, and medical device threats.

A joint investigation by STAT and The Markup of 50 direct-to-consumer telehealth companies found Virtual care websites were leaking sensitive information to the world’s largest advertising platforms.

The provider says pixels used to collect information about website users may have transferred certain types of patient information since 2017.

Andrew Mahler discusses recent OCR bulletin outlining how organizations using tracking tech like Meta Pixel should pay close attention to whether PHI is being handled in accordance with HIPAA.

Andrew Mahler discusses the recent HHS warning on the use of tracking code in many healthcare websites and portals could be violating HIPAA privacy regulations.

Andrew Mahler, former OCR investigator shares his expertise on new privacy laws and challenges and best practices healthcare, and how they may have added salience in a post-Dobbs decision world.

Clearwater's Jon Moore Jon Moore considers several lessons emerging from the Somnia case related to vendor security.

Andrew Mahler discusses the idea that providers now need to think outside of routine types of patient information disclosures.

Health systems have made progress, but they still have a long way to go, says Clearwater CEO Steve Cagle. Hospital executives must drive change from the top.

Healthcare organizations should be ready to find and patch instances of OpenSSL 3.0, warn cybersecurity experts.

Healthcare security experts are offering their two cents on the technical supply chain as part of a cybersecurity awareness month campaign

Ben Denkers discusses the industry alert issued in September 2022 from the FBI regarding unpatched and outdated medical devices that are vulnerable to cyberattacks

Mac McMillan discusses the impacts and cost of disruption at the latest HCP Fall Conference.

Healthcare security experts are offering their two cents on enabling multi-factor authentication as part of a cybersecurity awareness month campaign