ISC-CERT warns about medical devices with hard-coded passwords
Posted on 14 June 2013.
Approximately 300 different surgical and anesthesia devices, ventilators, drug infusion pumps, external defibrillators, patient monitors, and laboratory and analysis equipment have been found to have hard-coded passwords - a fact that can be taken advantage of by malicious actors to change devices' critical settings or even modify their firmware.


The discovery of this vulnerability has been made public by ICS-CERT and the U.S. Food and Drug Administration (FDA), both of whom issued alerts, but assured that there is no indication that such attacks have ben already spotted in the wild.

They have, understandably, not shared the names of the manufacturers and the devices that have been found to be affected by the flaw.

"ICS-CERT and the FDA have notified the affected vendors of the report and have asked the vendors to confirm the vulnerability and identify specific mitigations," confirmed the former organization, adding that both orgs will follow up with specific advisories and information as appropriate.

In the meantime, health care facilities have been urged to evaluate their network security and protect their hospital system by restricting unauthorized access to the network and networked medical devices, keeping antivirus software and firewalls up-to-date, monitoring network activity for unauthorized use, protecting individual network components through routine and periodic evaluation, developing and evaluating strategies to maintain critical functionality during adverse conditions, and contacting the specific device manufacturer if they think they may have a cybersecurity problem related to a medical device.

"Many medical devices contain configurable embedded computer systems that can be vulnerable to cybersecurity breaches. In addition, as medical devices are increasingly interconnected, via the Internet, hospital networks, other medical device, and smartphones, there is an increased risk of cybersecurity breaches, which could affect how a medical device operates," pointed out the FDA.









Spotlight

The context-aware security lifecycle and the cloud

Posted on 25 November 2014.  |  Ofer Wolf, CEO at Sentrix, explains the role of the context-aware security lifecycle and illustrates how the cloud is shaping the modern security architecture.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Nov 26th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //