For the report, MedCrypt — a medical device security company — reviewed alerts that various medical device vendors have submitted to the Industrial Control Systems-Cyber Emergency Response Team (ICS-CERT), a program of the U.S. Department of Homeland Security, since 2013. In total, MedCrypt detected 47 cybersecurity disclosures from medical device companies, comprising 122 vulnerabilities.
Most of the vulnerabilities MedCrypt identified — 70 percent — occurred after the FDA released its Postmarket Management of Cybersecurity in Medical Devices guidance in December 2016.
Here are the most common causes of the 85 vulnerabilities that companies disclosed through the ICS-CERT system after December 2016:
1. User authentication: 42 percent
2. Code defect: 28 percent
3. Encryption: 8 percent
4. Operating system: 8 percent
5. Third-party library: 5 percent
6. System configuration: 4 percent
MedCrypt attributed an additional 5 percent of cybersecurity vulnerabilities to a “miscellaneous” category.