Comments
Hospital Medical Devices Used As Weapons In Cyberattacks
KennedyAngel
User Rank: Apprentice
7/3/2015 | 8:29:45 AM
Re: Surprised I'm surprised
Computer malware and viruses are rapidly setting their sights on medical devices. Many medical devices like fetal monitors, pacemakers, insulin pumps and many more dependent on networks, always have the possibility to face cyber attack. Patients remain at risk, thus to prevent this condition, FDA officials have announced new guidelines to medical device manufacturers like present at ilexmedical.com for outlining the cyber security issues. If the manufacturers don't adequately overcome cyber threat concerns, then devices might be blocked for practical use.
dieselnerd
User Rank: Strategist
6/11/2015 | 1:12:38 PM
Re: Surprised I'm surprised
Another wake-up call, another slap to the Snooze button. We are masters of denial - and masters of avoiding investment in maintenance/protection.
Kelly Jackson Higgins
User Rank: Strategist
6/9/2015 | 8:00:28 AM
Re: Surprised I'm surprised
Isolating these systems comes with the same challenges as critical systems in the ICS/SCADA world...even if you think you've air-gapped them (which you can't really do with an x-ray imaging system, anyway, because docs need to access the images), there's always a way to infect them as soon as someone plugs a laptop or tablet in, or even a USB stick. What needs to happen is better built-in security and forensics capabilities, as well as more good ol' defense-in-depth.
Whoopty
User Rank: Ninja
6/9/2015 | 7:55:18 AM
Surprised I'm surprised
I'm surprised by this, though considering the security in many other industries, it shouldn't come as such. Still, this should act as a big wake-up call as we move towards a future with lots of wearable data being used in the medical fields, that better security is required.

Keeping all of it on its own network seems like a good place to start. 

