ISC-CERT warns about medical devices with hard-coded passwords
Posted on 14 June 2013.
Approximately 300 different surgical and anesthesia devices, ventilators, drug infusion pumps, external defibrillators, patient monitors, and laboratory and analysis equipment have been found to have hard-coded passwords - a fact that can be taken advantage of by malicious actors to change devices' critical settings or even modify their firmware.


The discovery of this vulnerability has been made public by ICS-CERT and the U.S. Food and Drug Administration (FDA), both of whom issued alerts, but assured that there is no indication that such attacks have ben already spotted in the wild.

They have, understandably, not shared the names of the manufacturers and the devices that have been found to be affected by the flaw.

"ICS-CERT and the FDA have notified the affected vendors of the report and have asked the vendors to confirm the vulnerability and identify specific mitigations," confirmed the former organization, adding that both orgs will follow up with specific advisories and information as appropriate.

In the meantime, health care facilities have been urged to evaluate their network security and protect their hospital system by restricting unauthorized access to the network and networked medical devices, keeping antivirus software and firewalls up-to-date, monitoring network activity for unauthorized use, protecting individual network components through routine and periodic evaluation, developing and evaluating strategies to maintain critical functionality during adverse conditions, and contacting the specific device manufacturer if they think they may have a cybersecurity problem related to a medical device.

"Many medical devices contain configurable embedded computer systems that can be vulnerable to cybersecurity breaches. In addition, as medical devices are increasingly interconnected, via the Internet, hospital networks, other medical device, and smartphones, there is an increased risk of cybersecurity breaches, which could affect how a medical device operates," pointed out the FDA.









Spotlight

Infographic: 25 years of the firewall

Posted on 24 July 2014.  |  The firewall turned 25, and McAfee is celebrating with an infographic that creatively depicts its lifetime. If you take a moment to scan the infographic, you’ll notice the firewall's introduction and evolution coincide with certain security events.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Jul 25th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //