FDA’s Cyber Security Team Issues Warning on Medical Devices
Report urges health care facilities to take proactive measures (June 13)
According to a June 13 alert issued by the FDA’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), researchers at the cyber security firm Cylance Inc. have discovered a hard-coded password vulnerability affecting roughly 300 medical devices across approximately 40 vendors. They report that the vulnerability could be exploited to potentially change critical settings and/or modify device firmware.
ICS-CERT issued its alert to provide early notice of the report and to identify baseline mitigations for reducing risks to these and other cyber security attacks.
The affected devices have hard-coded passwords that can be used to permit privileged access to devices, such as passwords that would normally be used only by a service technician. In some devices, this access could allow critical settings or the device firmware to be modified.
The affected devices fall into a broad range of categories, including but not limited to:
- Surgical and anesthesia devices
- Drug infusion pumps
- External defibrillators
- Patient monitors
- Laboratory and analysis equipment
ICS-CERT and the FDA are not aware that this vulnerability has been exploited, nor are they aware of any patient injuries resulting from this potential cybersecurity vulnerability.
ICS-CERT recommends that device manufacturers, health care facilities, and users of these devices take proactive measures to minimize the risk of exploitation of this and other vulnerabilities. These steps may include:
- Limit unauthorized device access to trusted users only, particularly for those devices that are life-sustaining or could be directly connected to hospital networks.
- Use appropriate security controls (e.g., user ID and password, physical locks, card readers, and guards).
- Develop strategies for active security protection, such as timely deployment of routine, validated security patches and methods to restrict software or firmware updates to authenticated code.
- Use design approaches that maintain a device’s critical functionality, even when security has been compromised, known as “fail-safe modes.”
- Provide methods for retention and recovery after an incident where security has been compromised.
Source: ICS-CERT; June 13, 2013.