FBI: Legacy Medical Devices Pose Risk Of Exploit, Patient Safety Impacts

Medical devices are one of healthcare’s biggest security challenges. A new FBI alert shows threat actors are increasingly targeting legacy devices. (Photo credit: “MRI” by Muffet is licensed under CC BY 2.0.)

Cyber threat actors are increasingly exploiting unpatched medical devices that run outdated software or lack adequate security features, according to a new FBI private industry notification.

An increasing number of vulnerabilities have been identified in these devices, where an exploit could impact data integrity and confidentiality, disrupt operational functions, and impact patient safety.

For industry leaders, many of the listed medical device security risks may be familiar: hardware design and software management vulnerabilities, the use of standardized or specialized configurations, missing embedded security features, and the inability to upgrade those features. 

Further, some devices leverage customized software that requires special upgrading or patching procedures, which only compounds existing patching delays in the healthcare environment. The ecosystem is also a factor: it is often complex, with a substantial number of devices.

“Medical device hardware often remains active for 10 to 30 years, however, underlying software life cycles are specified by the manufacturer, ranging from a couple months to maximum life expectancy per device allowing cyber threat actors time to discover and exploit vulnerabilities,” the alert reminds healthcare entities.

For the FBI, the leading concerns center around legacy devices and the reliance on outdated software due to the lack of support, patches, or updates from manufacturers. As such, many devices
