According to the latest news, the U.S. Food & Drug Administration (FDA) has identified serious cybersecurity vulnerabilities in the patch of ‘Abbott’ implantable cardiac pacemakers. As a result, more than 450,000 devices need to be reprogrammed, and several of the vulnerable models have been recalled in the US. Kaspersky Lab has been investigating the problem of smart medicine, revealing the high level of vulnerability that results from an ever-increasing number of medical devices connected to data systems. Denis Makrushin, Security Researcher at Kaspersky Lab, commented below.
Denis Makrushin, Security Researcher at Kaspersky Lab:
“Vulnerabilities in smart medical devices such as pacemakers and insulin pumps can directly affect a victim – and the cybersecurity industry repeatedly reminds organisations of this. But while the industry is trying to take a deeper look at new wearable and implantable smart medical devices, we cannot forget about traditional IT-infrastructure in medical facilities. In our research we’ve demonstrated that a lot of medical information is available online for anyone to access and this can harm a human life. Vulnerabilities and misconfiguration in the medical IT-infrastructure may also affect the owner of a medical business. That’s why IT-administrators of medical facilities need to be constantly aware of security processes in their infrastructure.
“In order to provide a high level of protection for medical IT infrastructure, Kaspersky Lab recommends security measures such as changing passwords and updating medical system software, as well as excluding all information systems that process medical data from external access, and isolating medical equipment in a separate segment with connection to a workstation. We also advise organisations to make an inventory of medical IT assets and to abstain from connecting costly medical equipment to the major local area network, and to use a secure solution for the early detection of malicious activities.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.