The FDA said March 4 that it has identified a set of cybersecurity vulnerabilities that could allow hackers to access certain medical devices.
The class of vulnerabilities is called "SweynTooth" and affects wireless communication technology called Bluetooth Low Energy, or BLE. Bluetooth low energy allows two devices to pair to exchange information while preserving battery life.
Bluetooth low energy is found in many medical devices, and the SweynTooth vulnerabilities may allow an unauthorized user to wirelessly crash the device, stop it from working or access device functions normally only available to the user.
The FDA said software to exploit the vulnerabilities is publicly available in certain situations, but it is not aware of any confirmed adverse events related to the SweynTooth vulnerabilities.
The SweynTooth vulnerabilities could affect pacemakers, glucose monitors, insulin pumps, or larger devices used in healthcare settings such as ultrasound machines or electrocardiograms.
The FDA said it is aware of several microchip manufacturers affected by the vulnerabilities, and those microchips may be in a variety of medical devices, including those implanted in patients and larger devices used in hospitals and other healthcare facilities.
The affected microchip manufacturers are: Texas Instruments, NXP, Cypress, Dialog Semiconductors, Microchip, STMicroelectronics and Telink Semiconductor.
The FDA said medical devicemakers already are assessing which devices may be affected by the SweynTooth vulnerabilities and are "identifying risk and remediation actions."
The agency is asking devicemakers to tell healthcare providers and patients which of their devices could be affected by SweynTooth and to find ways to reduce the risks.
The agency also recommended that patients using medical devices talk to their healthcare providers to determine whether their device could be affected and to seek help right away if they think their device isn't working properly.
Read the full news release here.