Most medical device cybersecurity issues attributed to user authentication, report finds

The most common cybersecurity vulnerability among medical devices relates to user authentication, which is often the first line of defense against a hacker, according to a MedCrypt report.

For the report, MedCrypt — a medical device security company — reviewed alerts that various medical device vendors have submitted to the Industrial Control Systems-Cyber Emergency Response Team, a program of the U.S. Department of Homeland Security, since 2013. In total, MedCrypt detected 47 cybersecurity disclosures from medical device companies, comprising 122 vulnerabilities.

Most of the vulnerabilities MedCrypt identified — 70 percent — occurred after the FDA released its Postmarket Management of Cybersecurity in Medical Device Guidance December 2016.

Here are the most common causes of the 85 vulnerabilities that companies disclosed through the ICS-CERT system after December 2016:

1. User authentication: 42 percent

2. Code defect: 28 percent

3. Encryption: 8 percent

4. Operating system: 8 percent

5. Third-party library: 5 percent

6. System configuration: 4 percent

MedCrypt attributed an additional 5 percent of cybersecurity vulnerabilities to a "miscellaneous" category.

To download MedCrypt's report, click here.

More articles on cybersecurity:
NIST: How to secure patient records on smartphones, tablets
Flaw in medical devices might allow hackers to change patient vital signs, McAfee finds
Healthcare cloud provider offers HITRUST-certified products for Amazon, Google, Microsoft clouds

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months