FDA alerts providers, others to medical device cyber vulnerability

The Food and Drug Administration today recommended medical device manufacturers, health care providers and patients take certain actions to reduce the risk that a remote attacker could exploit a set of cybersecurity vulnerabilities to control a medical device or prevent it from functioning. The agency to date has not received any adverse event reports associated with the vulnerabilities, announced in a July advisory from the Department of Homeland Security. The vulnerabilities exist in IPnet, a third-party software component that supports network communications between computers. The software is part of several operating systems and may be used in a wide range of medical and industrial devices.