Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

FDA Warns of Cyber Attacks on Medical Devices

WASHINGTON – US authorities on Thursday warned makers of medical devices and hospital networks to step up efforts to guard against potential cyber attacks.

The US Food and Drug Administration said implanted devices, which could include pacemakers or defibrillators, could be connected to networks that are vulnerable to hackers.

WASHINGTON – US authorities on Thursday warned makers of medical devices and hospital networks to step up efforts to guard against potential cyber attacks.

The US Food and Drug Administration said implanted devices, which could include pacemakers or defibrillators, could be connected to networks that are vulnerable to hackers.

An FDA warning notice was sent to medical device manufacturers, hospitals, medical device user facilities, health care technical staff and biomedical engineers.

Medical Device Security

It said the agency has recently “become aware of cybersecurity vulnerabilities and incidents that could directly impact medical devices or hospital network operations.”

“The FDA is recommending that medical device manufacturers and health care facilities take steps to assure that appropriate safeguards are in place to reduce the risk of failure due to cyberattack,” the warning said.

These devices or systems could be compromised “by the introduction of malware into the medical equipment or unauthorized access to configuration settings in medical devices and hospital networks,” the FDA said.

“This may sound like it is out of a science fiction movie, but the threat is conceivably a serious one,” said Jon Ogg at 24/7 Wall Street.

Advertisement. Scroll to continue reading.

“Can you imagine a device being retooled maliciously, like an inserted pacemaker/defibrillator? Or imagine if a robotic surgery system was maliciously recalibrated in even a slight manner for surgeries.

“The list of threats is endless.”

The FDA said it was “not aware of any patient injuries or deaths associated with these incidents” nor does it have any specific information on targeted devices.

The FDA said it had been working with other federal agencies as well as manufacturers, which it said are “responsible for remaining vigilant about identifying risks and hazards associated with their medical devices.”

Among the measures that should be taken, the FDA said, are limiting unauthorized device access, “particularly for those devices that are life-sustaining or could be directly connected to hospital networks.”

Related Reading: Securing Medical Devices From Attacks

Related ReadingHacking The Human Body SCADA System

Related Reading: Lawmakers Say FDA Needs to Consider Security for Medical Devices

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.