On Tuesday, tThe FBI has released a report offering recommendations to address a number of cybersecurity vulnerabilities in active medical devices from outdated software, as well as the lack of safety features in older hardware.
Once exploited, the vulnerabilities could impact healthcare facility operations, patient safety, privacy and data integrity. If a cyberattacker takes control, they can direct the devices to give inaccurate readings, administer drug overdoses, or otherwise health of patients at risk.
The FBI noted in its briefing that a mid-year healthcare cybersecurity scan found that equipment vulnerable to cyberattacks includes insulin pumps, intracardiac defibrillators, mobile heart telemetry, pacemakers and intrathecal pain pumps.
Routine challenges include the use of standardized configurations, specialized configurations – including a significant number of managed devices on a network – and the inability to upgrade device security features, according to the FBI announcement. .
The agency further adds that the research found an average of 6.2 vulnerabilities per medical device and that 40% of end-of-life medical devices offer few or no patches or security upgrades.
The new briefing is available to help healthcare IT leaders take action to identify and secure devices and educate employees through risk mitigation training. He reviews:
Identity and access management.
Training to help mitigate risks associated with employees.
The FBI also asks to be notified through local field offices of any suspicious or criminal activity involving medical devices, including name of organization, contact; the date, time and place; the type of activity; the number of people affected; and type of equipment.
Access the recommendations on the American Hospital Association website.
Andrea Fox is the editor of Healthcare IT News.
Healthcare IT News is a HIMSS publication.
#FBI #sheds #light #cybersecurity #risks #obsolete #medical #devices