The public becomes more aware of software and hardware vulnerabilities in various medical devices, as the healthcare industry rushes to adopt new technologies to help alleviate the effects of the Covid-19 pandemic and help to sustain the virus. Previously, the Food and Drug Administration (FDA) has been seeking additional legislative authority in order to have the critical information about the cybersecurity of devices, and ensure that med techs are required to have a Software Bill of Materials (SBOM). Furthermore, several reports have been published in order to increase cybersecurity awareness in healthcare institutions.
In November 2021, the US Cybersecurity and Infrastructure Security Agency issued an alert concerning critical vulnerabilities in Siemens’ software, which has the potential to affect how some medical devices such as anaesthesia machines, ventilators and bedside monitors operate. While no attacks have been recorded to target these specific vulnerabilities, if hackers exploit these vulnerabilities, patients’ healthcare will be put at risk. While Siemens has released patches and updates for products that were affected and confirmed that it is further investigating if any more of its products are affected, this news raises yet another concern about cybersecurity issues in medical devices.
The above-mentioned software was released in 1993 and its vulnerabilities raise concerns about using older medical devices. The rate of cyberattacks on healthcare institutions has been steadily increasing since the beginning of the Covid-19 pandemic and they are expected to grow in the future as the healthcare industry adopts more advanced medical devices and increases data collection. Healthcare companies should not only monitor and test the safety of hardware and software of new medical devices but keep updating and monitoring the ones that have been on the medical market for some time.