There are also initiatives led by industry and government aimed at standardizing device information and establishing baseline security criteria for manufacturing these devices. Food and Drug Administration (FDA) announced seven recalls for infusion pumps or their components in 2021, and nine other recalls in 2020. There is already a vast array of information about known vulnerabilities and approaches for securing these devices, thanks to the efforts of medical equipment makers, security researchers, cybersecurity vendors and regulators who have spent the past decade working to better understand cyber risks associated with use of infusion pumps and other connected medical devices. One of the most striking findings was that 52 percent of all infusion pumps scanned were susceptible to two known vulnerabilities that were disclosed in 2019 – one with a “critical” severity score and the other with a “high” severity score. These shortcomings included exposure to one or more of some 40 known cybersecurity vulnerabilities and/or alerts that they had one or more of some 70 other types of known security shortcomings for IoT devices. An alarming 75 percent of infusion pumps scanned had known security gaps that put them at heightened risk of being compromised by attackers. We reviewed crowdsourced data from scans of more than 200,000 infusion pumps on the networks of hospitals and other healthcare organizations using IoT Security for Healthcare from Palo Alto Networks. This topic is of critical concern because security lapses in these devices have the potential to put lives at risk or expose sensitive patient data. Unit 42 recently set out to better understand how well hospitals and other healthcare providers are doing in securing smart infusion pumps, which are network-connected devices that deliver medications and fluids to patients.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |