The U.S. Federal Bureau of Investigation (FBI) has issued a report detailing the potential cybersecurity risks associated with outdated and unpatched medical devices.
The report, titled “Unpatched and Outdated Medical Devices Provide Cyber Attack Opportunities,” offers frightening details regarding the extent of the medical device cyber risk. For example, according to research published in 2022 and cited by the FBI, 53% of connected medical devices used in hospital settings had known, critical vulnerabilities that can pose a risk to patients, including those with severe medical conditions.
A separate 2021 research report cited in the Bureau’s report determined that the average medical device has more than six separate vulnerabilities and that medical devices at their end-of-life stage have few or no security patches or upgrades available.
The FBI’s report also provides a comprehensive list of steps that healthcare institutions can take to secure medical devices, including more robust endpoint protection, vulnerability management, and increased employee training to help mitigate risks.
Read the FBI’s Private Industry Notification regarding the cybersecurity of medical devices.
