Critical vulnerabilities expose medical devices to cyberattacks

The U.S. Food and Drug Administration (FDA) warn of new safety flaws that could affect communications from certain medical equipment, based on Bluetooth technology.

According to the agency, this cybersecurity issue could allow cybercriminals to access these computers and remotely lock them. This set of vulnerabilities, identified as “SweynTooth” could impact various medical equipment, such as glucose monitors, insulin pumps, pacemakers and even ultrasound machines. There are no known cases of exploitation in real-world scenarios of these vulnerabilities, the FDA says.

Although in its report the regulator makes only mention of seven manufacturers of potentially exposed medical devices, cybersecurity specialists believe that it is highly possible that these security flaws will affect the industry in General. The manufacturers mentioned in the FDA report are:

  • Texas Instruments
  • NXP
  • Cypress
  • Dialog Semiconductors
  • Microchip
  • STMicroelectronics
  • Telink Semiconductor

The FDA has asked manufacturers to communicate with hospitals that use their products to try to alert potentially exposed patients as soon as possible.

The use of technology is very common among devices found in hospitals and other facilities. Thousands of technological devices use this technology in multiple areas, so security flaws could affect millions of people. As if that weren’t enough, it’s difficult for manufacturers to release updates for these kinds of devices, so even if a security patch is developed, it would take too long to reach the affected computers.