
Medical devices from Stryker Corp. and Becton Dickinson & Co. could be vulnerable to hackers, a US Department of Homeland Security office said.
The National Cybersecurity and Communications Integration Center (NCCIC) describes potential risks tied to Stryker medical beds and the BD FACS Lyric flow cytometry solution in Jan. 30 advisories.
The vulnerable Stryker products are wireless-enabled models of the Secure II MedSurg Bed, the S3 MedSurg Bed, and the InTouch ICU Bed. According to NCCIC, the digital "handshake" used to verify the devices with the network can be manipulated to allow an attacker to partially disclose encrypted information or inject malicious data. The issue, known as the KRACK vulnerability, was discovered by a Belgian researcher.
Stryker has issued patches for some of the affected products. The company is also recommending that hospitals disable the beds’ wireless function if unneeded and operate the beds on a separate VLAN (virtual local area network) to improve security when possible. NCCIC further says users should ensure the devices can’t be accessed from the Internet; place devices behind firewalls and isolated from the business network; and use secure methods, such as VPNs, if remote access is needed.
Meanwhile, two versions of the FACSLyric flow cytometry software solution that run on Windows 10 are vulnerable to unauthorized efforts to access administrative accounts, the DHS center says. BD is working with users to remedy the issue by either disabling the administrative accounts or replacing vulnerable workstations, NCCIC says. The agency also recommends that users minimize network exposure for all devices, restrict system access and disable any unnecessary accounts.
The US government's focus on medical device cybersecurity concerns has grown in recent years. The warnings came the same week that US FDA held a two-day public workshop on device cybersecurity vulnerabilities. (Also see "FDA Cybersecurity Forum: Manufacturers Explain Coordinated Vulnerability Disclosures" - Medtech Insight, 1 Feb, 2019.)
From the editors of The Gray Sheet