Security News > 2021 > January > Medical Device Security: Diagnosis Critical
Sadly, concerns about medical device IT security are a healthcare reality.
Ripple20 for instance is a group of bugs found in June 2020, plaguing 53,000 medical device models.
"Maybe you put ransomware on my computer. That's bad. But if you have malware on a medical device that a patient hooked up to, there is tremendous, wide-open risk to human life."
"The coronavirus isn't creating more vulnerabilities in medical devices, it's laid bare the problems that already exist," said Tim Erlin, vice president of product management and strategy at Tripwire.
Because of strict FDA guidelines over device configuration and legally-binding vendor support contracts, patient-care facilities often must rely on slow-to-move vendors for patching, upgrades and replacements - a rare and expensive process.
Suggestions for locking down IoMT devices include assessing a device's exposure to the internet, disabling unnecessary or unused services on devices and segmenting critical networks by IoT-device needs.
News URL
https://threatpost.com/medical-device-security/163127/
Related news
- Download: CIS Critical Security Controls v8.1 (source)
- Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now (source)
- Food security: Accelerating national protections around critical infrastructure (source)
- GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges (source)
- Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues (source)
- Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress (source)
- 80% of Critical National Infrastructure Companies Experienced an Email Security Breach in Last Year (source)
- MFA bypass becomes a critical security issue as ransomware tactics advance (source)
- HPE patches three critical security holes in Aruba PAPI (source)