Source: FBI Alert I-101717a-PSA
Dept. of Homeland Security issued 30 advisories about cybersecurity vulnerabilities in medical IoT devices
|The FDA is the only federal government agency responsible for the cybersecurity of medical IoT devices.||The FDA works closely with other federal government agencies, such as the U.S. Department of Homeland Security (DHS), but also works with members of the private sector, medical IoT device manufacturers, health care delivery organizations, security researchers, and end users to increase the security of critical cyber infrastructure.|
|Medical IoT device manufacturers can’t update medical IoT devices for cybersecurity.||Medical IoT device manufacturers can always update a medical IoT device for cybersecurity. In fact, the FDA does not typically need to review medical IoT device updates implemented solely to strengthen cybersecurity.|
|The FDA tests medical IoT devices for cybersecurity.||The FDA does not conduct premarket testing for medical products. Testing is the responsibility of the medical IoT product manufacturer.|
The ecfirst medical IoT Cybersecurity Report includes an Asset Inventory, which identifies specific medical IoT device information such as:
Explosion of medical IoT devices increases pressure for significantly improved cyber defense against incursions that threaten patients and cause costly disruptions
Number of medical IoT devices in a hospital can be more than twice the number of traditional networked devices, such as laptops and smartphones
Medical IoT devices typically run legacy operating system with known vulnerabilities waiting to be exploited
60% of medical IoT devices are at end-of-life stage, with no patches or upgrades available
Medical IoT devices in use by hospitals and other healthcare organizations average 20+ years of use per device, making them prime hacker targets
Healthcare organizations typically have minimal visibility into managing and monitoring medical IoT devices
Challenge Every hospital and health system must improve its cyber capabilities to monitor and manage medical IoT devices to ensure patient life is not threatened and healthcare operations are not disrupted.
Solution AI-based Culinda provides deeper visibility and integrated capabilities to mitigate by continuously monitoring and managing medical IoT devices.
15-20 connected medical IoT devices in a typical hospital room, and an average of 6.2 vulnerabilities on each medical IoT devices
The Center for Health Affairs & ecfirst Partner to Help Hospitals Navigate COVID-19 Cyber Risk, May 26, 2020.