medical devices

Update: Cash for Medical Device Clunkers? Task Force calls for Healthcare Security Overhaul

In-brief: the U.S. healthcare sector is in critical condition and needs urgent, coordinated action to protect patient safety and address vulnerabilities in millions of deployed medical devices, a Congressional Task Force has concluded. (Updated with comments from Joshua Corman of Atlantic Council. PFR June 7, 2017)

Code Blue: 8k Vulnerabilities in Software to manage Cardiac Devices

Software used to remotely program implantable cardiac devices by a number of vendors is rife with exploitable software vulnerabilities that leave the devices vulnerable to attacks and compromise, according to a report by the firm Whitescope Inc.

Update: FDA says St. Jude Medical knew about Device Flaws 2 Years Before Muddy Waters Report

In-brief: In a damning report, the FDA said that St. Jude Medical* knew about serious security flaws in its implantable medical devices as early as 2014, but failed to address them with software updates or other mitigations, or by replacing those devices. (Editor’s note: updated to include a statement from Abbott and comment from Dr. Kevin Fu. – PFR April 14, 2017)

FBI Warns Medical Offices: Exposed FTP Servers are a Target

In-brief: The FBI is telling medical and dental offices to lock down anyFile Transfer Protocol (FTP) servers in their environments, warning that cyber criminals are searching for exposed FTP servers as a pathway to sensitive networks and protected health information (PHI). 

Robot Problems: Research Reveals Cybersecurity Woes

In-brief: a report by the firm IOActive warns that industrial and home robots may be vulnerable to remote, software based attacks.