The U.S. Federal Bureau of Investigation (FBI) has issued a report detailing the potential cybersecurity risks associated with outdated and unpatched medical devices.
The report, titled “Unpatched and Outdated Medical Devices Provide Cyber Attack Opportunities,” offers frightening details regarding the extent of the medical device cyber risk. For example, according to research published in 2022 and cited by the FBI, 53% of connected medical devices used in hospital settings had known, critical vulnerabilities that can pose a risk to patients, including those with severe medical conditions.
A separate 2021 research report cited in the Bureau’s report determined that the average medical device has more than six separate vulnerabilities and that medical devices at their end-of-life stage have few or no security patches or upgrades available.
The FBI’s report also provides a comprehensive list of steps that healthcare institutions can take to secure medical devices, including more robust endpoint protection, vulnerability management, and increased employee training to help mitigate risks.
EU Commission Updates Standards for ATEX Directive
The ATEX Directive applies to “machines, apparatus, fixed or mobile devices, control components and instrumentation…and detection or prevention systems which…are intended for the generation, transfer, storage, measurement, control and conversion of energy and/or the processing of material,” and “which are capable of causing an explosion through their own potential sources of ignition.”
The updates to the list of harmonized standards under the ATEX Directive were enacted under the scope of Commission Implementing Decision (EU) 2022/1668, published in the Official Journal of the European Union in late September. The new list represents the first updates to the ATEX harmonized standards list since 2018.
FCC Expands List of Communications Equipment That Poses National Security Threat
According to a Public Notice issued by the FCC’s Public Safety and Homeland Security Bureau, the FCC has added products and services from two additional entities, Pacific Network Corporation and its subsidiary Com Net (USA) LLC and China Unicom (Americas) Operations Limited, to its list of companies whose equipment and services have been deemed a security threat. The FCC says that these entities “are subject to the exploitation, influence, and control of the Chinese government,” thereby posing “an unacceptable risk to the national security of the United States or the security and safety of United States persons.”
The FCC is required under the Secured and Trusted Communications Act to publish and maintain a list of communications equipment and services that pose a security risk.
- For applied cardiology, a team of researchers from the Czech Republic for research that confirmed that, when new romantic partners meet for the first time and are attracted to each other, their heart rates synchronize;
- For literature, researchers in Canada, the U.S., the UK, and Australia for confirming that poor writing and not specialized concepts are what makes legal documents unnecessarily difficult to understand;
- For biology, a pair of researchers from Brazil and Columbia on whether and how constipation affects the mating prospects of scorpions;
- For medicine, a team of researchers from Poland for demonstrating that when patients undergo some forms of toxic chemotherapy, they suffer fewer harmful side effects when ice cream replaces one component of the procedure;
- For engineering, Japanese researchers who worked to discover the most efficient way for people to use their fingers when turning a knob; and finally…
- For peace, an international consortium of researchers who developed an algorithm to help gossipers decide when to tell the truth and when to lie.
For those who have never heard of the Ig Nobel Prizes (and, if so, where have you been?), they are not to be confused with the annual Nobel Prizes typically announced in early October in Oslo, Norway. Instead, the Ig Nobel Prizes “honor achievements that first make people laugh and then make them think.”