Adding to the US Federal Government’s breaching distress, the Department of Homeland Security (DHS) notice from ICS-CERT (Industrial Control Systems-Cyber Emergency Response Team) has warned of “a hard-coded password vulnerability affecting roughly 300 medical devices across approximately 40 vendors. According to their (security vendor Cyclance-Ed.) report, the vulnerability could be exploited to potentially change critical settings and/or modify device firmware.” This unnerving development has not yet been exploited, according to DHS, but could affect patient monitors, surgical and anesthesia devices, ventilators, drug infusion pumps, external defibrillators, mammography equipment, and laboratory and analysis equipment. Not good news. Additional information in iHealthBeat and GovInfoSecurity. DHS/ICS-CERT notice.
Previously in TTA: VA networks breached from overseas; 20 million records affected (13 June)