The FBI recommendations address a number of cybersecurity vulnerabilities in active medical devices stemming from outdated software as well as a lack of security features in older hardware.
Once exploited, the vulnerabilities could impact healthcare facility operations, patient safety, data confidentiality and data integrity. If a cyber attacker takes control, they can direct devices to give inaccurate readings, administer drug overdoses or otherwise endanger patient health.
The FBI notes in the briefing that a mid-year healthcare cybersecurity analysis found equipment vulnerable to cyber attacks includes insulin pumps, intracardiac defibrillators, mobile cardiac telemetry, pacemakers, and intrathecal pain pumps.
Routine challenges include the use of standardized configurations, specialized configurations – including a substantial number of managed devices on a network – and the inability to upgrade device security features, according to the FBI’s announcement.
The agency further adss that research has found an average of 6.2 vulnerabilities per medical device and that 40% of medical devices at the end-of-life stage offer little to no security patches or upgrades.
The new briefing is available to help healthcare IT managers act to identify and secure devices and raise employee awareness through risk mitigation training. It reviews:
Identity and access management
Training to help mitigate risks associated with employees
The FBI also requests to be notified through local field offices about suspicious or criminal activity involving medical devicesthe – organization name and contact, date, time, location, type of activity, number of people and type of equipment.
Access the recommendations on the American Hospital Association website.
Andrea Fox is senior editor of Healthcare IT News.
Email: [email protected]
Healthcare IT News is a HIMSS publication.
Source: Read Full Article