FDA Unveils New Info on Medical System Cyber Vulnerabilities

Jeff Brody

The Food and Drug Administration has released additional information on certain cybersecurity vulnerabilities that threaten hospital network systems and medical devices. Cyber actors may remotely take advantage of URGENT/11 vulnerabilities to disrupt services, leak information and alter devices, FDA said Tuesday.

The Department of Homeland Security originally announced these vulnerabilities in July 2019 and has not since received reports of associated cases. FDA's new information includes input on the vulnerabilities' sources and recommendations for risk reduction.

IPnet, a third-party communications software component, contains the URGENT/11 vulnerabilities. Some medical devices may still contain IPnet because some manufacturers still hold a license for the software. FDA is also aware of the vulnerabilities' presence in the VxWorks, Operating System Embedded, INTEGRITY, ThreadX, ITRON and ZebOS operating systems.

The agency recommends that manufacturers coordinate with medical care providers to form mitigation plans against URGENT/11 vulnerabilities.
