Security News

Is 100% Cybersecurity Readiness Possible? Medical Device Pros Weigh In
2022-05-25 14:00

In the hopes of helping security professionals better address cybersecurity and regulation, we conducted the 2022 Medical Device Cybersecurity: Trends and Predictions Survey Report, speaking to 150 senior decision makers who oversee product security or cybersecurity compliance in the medical device industry, to learn about their biggest challenges and how they plan to address them. As medical regulation around cybersecurity catches up with today's complex device software ecosystem and new and emerging threats, it is likely that organizations will have a better benchmark with which to determine their security posture.

Our Medical Devices' Open Source Problem – What Are the Risks?
2022-05-11 14:01

Built and supported by vast communities of developers, OSS has become the ubiquitous building block of devices and apps in the general information technology community where 92% of applications now contain open source software - and medical devices have been catching up with that trend over the past few years. One open source library could be pulling in any number of dependencies: other open source libraries in a potentially long chain that also need to be examined.

Medical software firm fined €1.5M for leaking data of 490k patients
2022-04-28 16:17

The French data protection authority fined medical software vendor Dedalus Biology EUR 1.5 million for violating three articles of the GDPR. Dedalus Biology provides services to thousands of medical laboratories in the country, and the fine is for exposing sensitive details of 491,939 patients from 28 laboratories. More specifically, during migration from the software of a different vendor, at the request of two medical laboratories, Dedalus extracted more information than required.

Medical device cybersecurity: What to expect in 2022?
2022-04-25 04:00

Cybellum released a survey report about medical device cybersecurity, along with trends and predictions for 2022. Medical device cybersecurity has become an extremely complex challenge.

Critical bug allows attacker to remotely control medical robot
2022-04-12 11:00

Mobile robot maker Aethon has fixed a series of vulnerabilities in its Tug hospital robots that, if exploited, could allow a cybercriminal to remotely control thousands of medical machines. Cynerio did find "several" hospitals in the US and globally that were using the internet-connected robots, and in each of these cases the researchers could exploit the vulns to remotely control the robots from the Cynerio Live research lab.

49% of small medical practices lack a cyberattack response plan
2022-04-05 08:00

A Software Advice survey revealed how cyberattacks can negatively impact healthcare providers by threatening core functions and patient privacy. According to findings, 22% of small practices and 45% of large practices have experienced a ransomware attack at some point, with numbers rising in the past three years.

49% of small medical practices don’t have a cyberattack response plan
2022-04-05 04:00

Findings reveal that 22% of small practices and 45% of large practices have experienced a ransomware attack at some point, with numbers rising in the past three years. According to the survey, the majority of both small and large practices said between 81% and 100% of all their data is stored digitally.

Model contract language for medical technology cybersecurity published
2022-03-14 04:30

The genesis of this resource was the recognition that medical device cybersecurity responsibility and accountability between Medical Device Manufacturers and Health Delivery Organizations is complicated by many conflicting factors, including: uneven MDM capabilities and investment in cybersecurity controls built into device design and production; varying expectations for cybersecurity among HDOs; and high cybersecurity management costs in the HDO operational environment throughout the device lifecycle. The purpose of this Model Contract Language is to offer a reference for shared cooperation and coordination between HDOs and MDMs regarding the security, compliance, management, operation, services, and security of MDM-managed medical devices, solutions, and connections.

Critical "Access:7" Supply Chain Vulnerabilities Impact ATMs, Medical and IoT Devices
2022-03-08 19:14

As many as seven security vulnerabilities have been disclosed in PTC's Axeda software that could be weaponized to gain unauthorized access to medical and IoT devices. Collectively called "Access:7," the weaknesses - three of which are rated Critical in severity - potentially affect more than 150 device models spanning over 100 different manufacturers, posing a significant supply chain risk.

Access:7 vulnerabilities impact medical and IoT devices
2022-03-08 05:00

A set of seven vulnerabilities collectively tracked as Access:7 has been found in PTC's Axeda agent, a solution used for remote access and management of over 150 connected devices from more than 100 vendors. Developed by Parametric Technology Corporation, the Axeda platform, through locally deployed agents, provides telemetry data from IoT devices on the network and the option for remote service.