The US FDA has found 11 vulnerabilities (named “URGENT/11”) in certain medical devices as well as the publicly available software they run. So far, there are no known exploit events that caused adverse consequences.
Many of these devices use 3rd party software called IPnet, which provides network communications between devices. It appears the original software manufacturer no longer supports IPnet, so certain devices continue to use an unsupported version which will become more vulnerable over time.
The FDA and some medical device manufacturers are investigating which devices are affected, and have provided recommendations to device manufacturers, to health care providers and staff (including IT staff), and to caregivers and patients.
You can view the full article here: US FDA Safety Communication.
We have included recommendations for healthcare staff, caregivers, and patients below:
Health Care Staff
- Monitor network traffic logs for indications that an URGENT/11 exploit is taking place.
- Use firewalls, virtual private networks (VPN), or other technologies that minimize exposure to URGENT/11 exploitation.
- Talk to your health care provider to determine if your medical device may be affected. Please be aware that health care providers may not have access to this information at the time of issuance of this communication. Device manufacturers should be reaching out to their customers as more information becomes available.
- Seek medical help right away if you think operation or function of your medical device changed unexpectedly.
You can report problems with your device through MedWatch Voluntary Reporting Form.
For a confidential discussion of your situation or a competitive quote, give your Technology Partner a call.
The LeeShanok Team