US FDA suggests 11 vulnerabilities in Medical Device Software

    US Food and Drug Administration (FDA) has released a media update stating 11 vulnerabilities in the software used in the medical device operations. Referred to as URGENT/11, the researchers suggest that these blind spots can leave a high number of connected medical devices exposed to remote hackers.


    Though, to date, none of those devices were reported as cyber attacked. But as the numbers are high, any level of exploitation could spell staggering risks on patients and healthcare professionals.


    Officials from FDA confirmed that the issue was brought to their notice by a small Cybersecurity firm named Armis which specializes in securing connected devices. Security researchers from the California based security firm say that the issue raised from Ipnet software which helps in establishing network communication between computers.


    Wind River company which owns the Ipnet software uses it in its real-time operating system(RTOS) which is built to track down data from medical devices with precision and great reliability.


    Note- Over 2 billion devices are said to be operating on the RTOS acquired by Wind River in 2006.


    Technically speaking, evolution among medical devices takes place occasionally as development, designing and regulatory approvals of these devices are quite slow when compared to consumer products. 


    So, manufacturers do have a big responsibility while designing a product as they need to keep the Cybersecurity measures intact for the entire life cycle of that device. Furthermore, there needs to be a lot of financial input to induce skilled labor for maintaining and updating the software in the devices- which only a few medical device development companies have managed to date.


    Fortunately, URGENT/11 Vulnerabilities were discovered before any cyber attack campaign took place on the current batch. Thus, the alert highlights the need for cyber-secure connected healthcare systems of the future.

    Naveen Goud
    Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

    No posts to display