FBI recommends action to protect vulnerable medical devices from cyberattacks

Sep 12, 2022 - 03:20 PM
Cybersecurity woman IT professional

The FBI today released recommendations to help protect medical devices from cyberattacks that can threaten health care operations, patient safety, and data privacy and integrity, citing a growing number of unpatched medical device vulnerabilities.

“This past June, the AHA issued a letter of support to Congress for pending legislation known as the PATCH Act,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “The letter echoed the need for medical device manufacturers to implement increased cybersecurity requirements for medical devices. Cyber vulnerabilities in medical devices, often containing outdated legacy technology, have posed a significant cyber risk to hospitals. In 2017, the FBI reported that the North Korean WannaCry global health care ransomware attack was fueled by vulnerabilities in medical devices.  

“The pending legislation would require medical device manufacturers to monitor and identify post-market vulnerabilities in a timely manner, develop a plan for coordinated vulnerability disclosure, provide lifetime cybersecurity support of the device and provide an accounting of all software contained in the device, including third party software. 

“In the interim, it is good practice to increase cybersecurity requirements in medical device and medical technology business associate agreements. An excellent resource for medical technology model contract language can be found here.”

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org.

Related News Articles

Headline
AHA's Pollack breaks down role of hospitals in the future of health care on Pinkston podcast 
AHA President and CEO Rick Pollack was recently a guest on Pinkston's "To the Point" podcast to discuss the future of U.S. health care, touching on a range of…
Headline
Agencies provide cyberthreat updates and resources leading up to election 
The Cybersecurity and Infrastructure Security Agency, FBI and other federal agencies have created a webpage with the latest cyberthreat updates and information…
Headline
CISA warns of foreign actor conducting large-scale spear-phishing campaign with malicious files 
The Cybersecurity and Infrastructure Security Agency Oct. 31 issued an alert on a large-scale spear-phishing campaign targeting organizations in several…
Headline
HC3 issues alert on vulnerabilities in certain Oracle products; Microsoft warns of Russian spear-phishing campaign 
The Health Sector Cybersecurity Coordination Center on Oct. 28 released a report on the "Miracle Exploit," a set of critical vulnerabilities affecting Oracle…
Headline
AHA blog: A Look at 2024’s Health Care Cybersecurity Challenges 
A new AHA Cyber Intel blog by John Riggi, AHA’s national advisor on cybersecurity and risk, examines current trends and challenges in health care regarding…
Chairperson's File
Chair File: Preventing and Mitigating Cyberattacks to Protect Patients
Cyberattacks are increasing and expected to reach record numbers in the U.S. by the end of 2024. Although no field or industry is immune from attacks that…