The US FDA has found 11 vulnerabilities (named "URGENT/11") in certain medical devices as well as the publicly available software they run. So far, there are no known exploit events that caused adverse consequences.
Many of these devices use 3rd party software called IPnet, which provides network communications between devices. It appears the original software manufacturer no longer supports IPnet, so certain devices continue to use an unsupported version which will become more vulnerable over time.
The FDA and some medical device manufacturers are investigating which devices are affected, and have provided recommendations to device manufacturers, to health care providers and staff (including IT staff), and to caregivers and patients.
You can view the full article here: US FDA Safety Communication.
We have included recommendations for healthcare staff, caregivers, and patients below:
Health Care Staff
You can report problems with your device through MedWatch Voluntary Reporting Form.
For a confidential discussion of your situation or a competitive quote, give your Technology Partner a call.
The LeeShanok Team