The FBI is warning healthcare facilities of the risks associated with unpatched and outdated medical devices.
Security flaws in medical devices could adversely impact the operations of healthcare facilities, while also affecting the safety of patients and data confidentiality and integrity, the FBI says.
Both hardware design and device software management faults could lead to security vulnerabilities, especially if specific configurations are used, embedded security features are missing or cannot be updated, or there are too many devices to manage.
Some medical devices may remain in use for up to 30 years, which provides threat actors with enough time to identify and exploit vulnerabilities, especially if the software running on them has reached end of life (EOL).
“Legacy medical devices contain outdated software because they do not receive manufacturer support for patches or updates, making them especially vulnerable to cyberattacks,” the FBI says.