Security News > 2022 > February > Unpatched Security Bugs in Medical Wearables Allow Patient Tracking, Data Theft

The rush to roll out remote healthcare has also unleashed a universe of wearable medical devices to collect sensitive data, which researchers say are widely vulnerable to attack.

Analysts with Kaspersky Labs reported finding 33 vulnerabilities last year in the most widely used data transfer protocol for internet of things medical devices, known as MQTT - that's 10 more than the previous year.

"Overall, we expected that 2021 would be a year of greater collaboration between the medical sector and IT security specialists," the Kaspersky team said.

As the Kaspersky researchers point out, authentication isn't required, and encryption is sparse, making devices with MQTT exposed to man-in-the-middle attacks and data theft.

It's up to hospitals and medical service providers to build telehealth systems with security in mind, Nate Warfield, CTO of Prevailion wrote in Threatpost last summer.

Kaspersky recommended the obvious security factors of using strong passwords and having good user security training, but added that application developers need to do more.

News URL

https://threatpost.com/unpatched-security-bugs-medical-wearables-patient-tracking-data-theft/178150/