Security News Medical Device Cyber Vulnerabilities: More Alerts

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Healthcare Organizations Face Challenge of Tracking, Mitigating All the Risks Identified

The Department of Homeland Security has issued two more advisories concerning cyber vulnerabilities in certain medical devices, the latest in a series of alerts this year.
The stream of recent advisories is helping to draw more attention to the importance of addressing device security, many security experts say.

Since April, DHS's Industrial Control Systems Emergency Response Team has issued about a half dozen alerts advising healthcare entities of cyber vulnerabilities in equipment ranging from medical imaging systems to patient monitoring gear.

The intensifying attention on medical device cybersecurity is creating pressure on healthcare entities to keep track of - and then address - the findings involving medical devices used in their environments.
Two New Alerts

The most recent alert issued on June 5 pertains to improper authentication, information exposure, and stack-based buffer overflow vulnerabilities in certain Philips' Intellivue patient monitors and Avalon fetal and maternal monitors.

ICS-CERT notes that those issues "may allow an attacker to read/write memory, and/or induce a denial-of-service through a system restart, thus potentially leading to a delay in diagnosis and treatment of patients."

In addition, a May 17 ICS-CERT advisory warns of a vulnerability involving "missing encryption" for sensitive data contained in the Medtronic N'Vision Clinician Programmer, a small, portable device that offers a single programming platform for Medtronic Neurological implantable therapy devices.

If exploited, the vulnerability could allow an attacker with physical access to an 8870 N'Vision Compact Flash card to access patient data, ICS-CERT warns.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top