"FBI Warns of Vulnerabilities in Medical Devices Following Several CISA Alerts"

The FBI warns of hundreds of vulnerabilities in widely used medical devices that could enable cyberattacks. The FBI's Internet Crime Complaint Center (IC3) identified an increasing number of vulnerabilities posed by unpatched medical devices running on outdated software and devices lacking adequate security features. Vulnerabilities have been discovered in insulin pumps, intracardiac defibrillators, mobile cardiac telemetry, pacemakers, and intrathecal pain pumps, that malicious hackers could exploit to take control of devices, change readings, administer drug overdoses, and more. The alert emphasizes that cyber threat actors who exploit medical device vulnerabilities could adversely impact healthcare facilities' operational functions, patient safety, data confidentiality, and data integrity. Most medical device vulnerabilities stem from inadequate device hardware design and software management. Standardized configurations, specialized configurations, a large number of managed devices on the network, a lack of device-embedded security features, and the inability to upgrade those features are all common challenges. According to the FBI, medical device hardware is often used for over 30 years in some healthcare facilities, giving cybercriminals and state actors plenty of time to discover and exploit bugs. Many legacy devices used by hospitals and clinics run on outdated software because they do not receive manufacturer support for patches or updates. In addition, many devices are not designed with security in mind. This article continues to discuss the warning issued by the FBI's IC3 about vulnerabilities in medical devices. 

The Record reports "FBI Warns of Vulnerabilities in Medical Devices Following Several CISA Alerts"