Healthcare Innovation recently spoke with Ben Denkers, CIO of CynergisTek, about the industry alert issued last month from the FBI regarding unpatched and outdated medical devices that are vulnerable to cyberattacks
On Sept. 12, the FBI issued an industry alert regarding unpatched and outdated medical devices that provide opportunities for cyberattacks. According to the alert, a growing number of vulnerabilities are caused by unpatched medical devices that run on outdated software and devices are missing sufficient security features.
We reported on Sept. 14 that “The alert says that ‘Cyber threat actors exploiting medical device vulnerabilities adversely impact healthcare facilities’ operational functions, patient safety, data confidentiality, and data integrity. Medical device vulnerabilities predominantly stem from device hardware design and device software management. Routine challenges include the use of standardized configurations, specialized configurations, including a substantial number of managed devices on the network, lack of device embedded security features, and the inability to upgrade those features.’
The alert added that “Medical device hardware often remains active for 10-30 years, however, underlying software life cycles are specified by the manufacturer, ranging from a couple months to maximum life expectancy per device allowing cyber threat actors time to discover and exploit vulnerabilities. Legacy medical devices contain outdated software because they do not receive manufacturer support for patches or updates, making them especially vulnerable to cyberattacks.”
Continue reading here.
About the AuthorFollow on Linkedin Visit Website More Content by Ben Denkers