Outdated Medical Devices are an Enterprise Problem

Healthcare Innovation recently spoke with Ben Denkers, CIO of CynergisTek, about the industry alert issued last month from the FBI regarding unpatched and outdated medical devices that are vulnerable to cyberattacks

On Sept. 12, the FBI issued an industry alert regarding unpatched and outdated medical devices that provide opportunities for cyberattacks. According to the alert, a growing number of vulnerabilities are caused by unpatched medical devices that run on outdated software and devices are missing sufficient security features.

We reported on Sept. 14 that “The alert says that ‘Cyber threat actors exploiting medical device vulnerabilities adversely impact healthcare facilities’ operational functions, patient safety, data confidentiality, and data integrity. Medical device vulnerabilities predominantly stem from device hardware design and device software management. Routine challenges include the use of standardized configurations, specialized configurations, including a substantial number of managed devices on the network, lack of device embedded security features, and the inability to upgrade those features.’

The alert added that “Medical device hardware often remains active for 10-30 years, however, underlying software life cycles are specified by the manufacturer, ranging from a couple months to maximum life expectancy per device allowing cyber threat actors time to discover and exploit vulnerabilities. Legacy medical devices contain outdated software because they do not receive manufacturer support for patches or updates, making them especially vulnerable to cyberattacks.”

Continue reading here

 

About the Author

Ben Denkers

Ben Denkers is the CIO at CynergisTek where he is responsible for supporting growth, ensuring effective and efficient service delivery, and achieving the highest levels of client and employee satisfaction for CynergisTek’s security, privacy and compliance services. Denkers has nearly 20 years of experience in information security and consulting that includes markets such as finance, automotive, energy, manufacturing, and healthcare. With the threat landscape changing daily, this breadth of experience provides a unique perspective to the industry specific risks organizations face. He has been recognized for building, training, and optimizing team productivity. His strong focus on providing the operating framework, training, and development, and decisive leadership has empowered his teams to achieve tremendous success and drive business growth.

Follow on Linkedin Visit Website More Content by Ben Denkers
Previous Article
Cybersecurity Awareness Throughout the Technical Supply Chain
Cybersecurity Awareness Throughout the Technical Supply Chain

Healthcare security experts are offering their two cents on the technical supply chain as part of a cyberse...

Next Article
Healthcare Security Insights and Perspectives from Mac McMillan
Healthcare Security Insights and Perspectives from Mac McMillan

Mac McMillan discusses the impacts and cost of disruption at the latest HCP Fall Conference.