reported “Cyberthreat actors exploiting medical device vulnerabilities adversely impact healthcare facilities’ operational functions, patient safety, data confidentiality and data integrity…”. The September 14, 2022 report entitled “FBI Warns of Cyberthreats to Legacy Medical Devices” included these recommended steps from the FBI:

  • Using anti-malware software on an endpoint device, when possible. If not supported, organizations should provide integrity verification whenever the device is disconnected for service and before it is reconnected to the IT network;
  • Encrypting medical device data while in transit and at rest;
  • Using endpoint detection and response and extended detection and response products to improve medical device visibility and protection;
  • Ensuring default device passwords are changed to secure and complex passwords specific for each medical device;
  • Maintaining an electronic inventory management system for all medical devices and associated software, including third-party software components, operating systems, version and model numbers;
  • Using inventory management to identify critical medical devices, operational properties and maintenance time frames;
  • Considering replacement options for affected medical devices as part of purchasing process, when feasible. Otherwise, isolate vulnerable devices from the network and audit the device’s network activities;
  • Monitoring and reviewing medical device software vulnerabilities disclosures made by vendors and conducting independent vulnerability assessments;
  • Implementing a routine vulnerability scan before installing any new medical device onto the operating IT network.
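
The first recommendation asks for integrity verification when a device that cannot run anti-malware is disconnected for service and before it is reconnected. One way to do that check is sketched below as an added example; it is not code from the FBI report or from this article. It assumes the device's software and configuration files can be read as a directory tree (for instance a mounted service export) and that the HMAC key is stored off the device; all function names are illustrative.

```python
import hashlib
import hmac
import json
from pathlib import Path


def build_manifest(root):
    """Map each regular file's relative path to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        # Symlinks are skipped so a link cannot point the hash at another file.
        if path.is_file() and not path.is_symlink():
            digest = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def seal(manifest, key):
    """HMAC the canonical manifest so a tampered baseline is detectable."""
    blob = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def verify(root, baseline, tag, key):
    """Compare the current tree to the sealed baseline; return the findings."""
    if not hmac.compare_digest(seal(baseline, key), tag):
        raise ValueError("baseline manifest failed authentication")
    current = build_manifest(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def cleared_for_reconnect(findings):
    """The device may rejoin the network only if nothing changed."""
    return not any(findings.values())
```

Take the baseline with `build_manifest` and `seal` when the device is disconnected for service, then run `verify` on the returned device and reconnect only if `cleared_for_reconnect` is true.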

Watch out!