The FBI is the latest federal agency warning healthcare sector entities of cyberattack threats to medical devices, especially unpatched and outdated products, recommending that organizations take steps to identify vulnerabilities and “actively secure” the gear.
The FBI in a private industry notification issued Monday says it has identified “an increasing number of vulnerabilities” posed by unpatched legacy medical devices that run on outdated software and devices that lack adequate security features.
Attackers could exploit an array of devices including insulin pumps, cardiac defibrillators, mobile cardiac telemetry, pacemakers and intrathecal pain pumps, the advisory says.
Threat actors could manipulate devices to give “inaccurate readings, administer drug overdoses or otherwise endanger patient health,” the alert warns.
The FBI did not specify any particular new attack threat prompting the bureau to issue the alert about legacy medical device cybersecurity issues, given that healthcare entities have been dealing with these challenges for years.