The FBI has published a private industry notification recommending healthcare providers actively secure medical devices, identify vulnerabilities, and increase employee awareness reporting, in order to help mitigate the cybersecurity risk posed by medical devices.
The U.S. Federal Bureau of Investigation has issued a warning that unpatched and outdated medical devices are providing cyberattack opportunities to hackers.
In a Private Industry Notification issued Sept. 12, the FBI said it has identified an increasing number of vulnerabilities from unpatched medical devices that run outdated software and lack adequate security features.
While noting that medical device hardware often remains active for 10 to 30 years, underlying software lifecycles specified by the manufacturer can range from a couple of months to maximum life expectancy, allowing threat actors lots of time to discover and exploit vulnerabilities. Legacy medical devices are said to contain outdated software because they don’t receive manufacturer support for patchers or updates, opening the door to attackers.
Read the full story at Silicon Angle.