Are You Having A Technology Emergency?

AccessMSP Blog

Access IT Solutions has been serving the Florida area since 2008, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

Attention Florida Healthcare Facilities: FBI Issues a Warning About Unpatched Medical Devices

Attention Florida Healthcare Facilities: FBI Issues a Warning About Unpatched Medical Devices

Medical devices and other connected hospital equipment, for all their benefits, have long been known to feature some serious vulnerabilities that often invite threats in. This was recently addressed in a warning published by the FBI. Let’s consider what the warning says about the risks these medical devices face, and what our neighbors here in Florida should do to protect their patients and practices.

What Makes Some Medical Devices Such a Risk?

The risk comes from a combination of two factors: the importance of these medical devices’ role in the healthcare process, and the unfortunate lack of attention that many IoT (Internet of Things) devices (including those intended for the medical field) ultimately receive.

One of our contemporaries here in Miami, cybersecurity expert William Hodges, summed up the issue quite succinctly:

“Wearable devices are often rushed to market, with little thought to cybersecurity. A company wants to beat others to market with that first IoT heart monitor or blood pressure cuff, yet the price they pay is often in cybersecurity vulnerability.”

This is Exactly the Issue the FBI’s Warning Addressed

In its private industry notification, Unpatched and Outdated Medical Devices Provide Cyber Attack Opportunities, the Federal Bureau of Investigation explores the threat. Basically, while the hardware remains in use for decades, the software that powers this hardware should not, at least, not without patches and updates being faithfully applied—but it often still does.

According to Hodges, this was (at least initially) by design.

“Some medical devices are programmed and designed to last decades, and a hacker who couldn’t have breached the device ten years ago may have no problem doing so now.”

The addition of the IoT also increases the complexity of many medical systems, with many different devices present that are beholden to different standards and the regulations dictating how these devices are to be configured and maintained are lacking.

This All Contributes to Some Frightening Stats from the FBI

You may be wondering what exactly a cyberattack that targets healthcare-dedicated IoT devices could do. The FBI cites a few reports that make it only too clear how important it is for a healthcare organization to secure its entire network—including the IoT devices utilized in patient care.

For instance, a report compiled just this year identified the types of medical devices that are susceptible to these attacks. Let me ask you this: how accurately could you provide the proper patient care if a patient’s insulin pump, intracardiac defibrillator, or pacemaker was under a cybercriminal’s control? Not very accurately, I’d imagine, and all because the device itself wasn’t properly patched and updated.

It gets worse, too: a report from 2021 found that there was an average of 6.2 vulnerabilities per medical device, and another report compiled in January of this year found that just over half—53%—of connected medical devices in hospitals had critical vulnerabilities, and a third or so of healthcare IoT devices have some form of critical risk that could impact their functionality.

What the FBI (and We) Recommend

Whether you’re securing the medical devices that are directly administering patient care or trying to protect the data that these patients entrust to you, there are some steps that will prove effective as a means of reducing the risk of these impacts.

  1. It is recommended that all available endpoint protection is applied to your medical devices, whether that’s a cyber security agent or at least an antivirus installed natively or intensive verification measures each time it is connected to the network.
  2. All medical device data should be encrypted.
  3. All medical devices should have some form of endpoint detection and response software keeping an eye on them.
  4. Sufficiently complex and unique passwords should be used to access each medical device.
  5. An inventory management system should be implemented to keep track of all devices and software and ensure that all proper maintenance is performed in a timely manner.
  6. If a medical device is affected by an attack but cannot be replaced, it needs to either be quarantined from the network or have all its network activities closely audited.
  7. Attention should be given to vendors to ensure that any vulnerability disclosures aren’t missed.
  8. All devices should be scanned for vulnerabilities and threats before being added to the operational network.
  9. All employees should be trained to spot various potential threats, especially phishing and social engineering efforts. This is another point that Hodges particularly supports, as it is both effective and inexpensive for a company to carry out.

We can help you accomplish all of this and more with our managed IT service offering. Learn more by giving us a call at (888) 548-9511.

What Martin County Businesses Can Learn from Last ...
How to Choose the Best Fort Lauderdale Computer Su...
Comment for this post has been locked by admin.


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Friday, 03 February 2023

Captcha Image

Areas We Serve

Serving the following Florida counties:

Brevard County Hendry County
Indian River County   Highlands County
Broward County Seminole County
Orange County Volusia County
Osceola County Hardee County
St. Lucie County Desoto County
Martin County Charlotte County
Palm Beach County   Collier County
Lake County Marion County
Polk County Lee County
Glades County Sumter County

Contact Us

Learn more about what AccessMSP can do for your business.

Call Us Today
Call us today
(305) 671-3937

13301 SW 132nd Avenue
Suite 109
Miami, Florida 33186 


601 21st Street 
Suite 300
Vero Beach, Florida 32960 

Latest Blog

Indian River County falls roughly in between West Palm Beach and Orlando, solidly in the Treasure Coast. Home to a variety of healthcare, educational, science, and governmental entities, technology plays a critical role in the operations of...

Copyright AccessMSP. All Rights Reserved.