The U.S. Food and Drug Administration (FDA) has notified patients and health care providers about a set of cybersecurity vulnerabilities referred to as “SweynTooth.” According to a statement from the FDA, attackers can exploit SweynTooth vulnerabilities to remotely crash devices, stop them from working, or access device functions normally only available to the authorized user. It is also said that the vulnerabilities may pose risks to a variety of medical devices, such as pacemakers, glucose monitors, and ultrasound devices.
According to the FDA, SweynTooth affects the wireless communication technology known as Bluetooth Low Energy (BLE), which allows two devices to pair and exchange information to perform their intended functions while preserving battery life. BLE can be found in medical devices as well as other devices such as consumer wearables and IoT devices.
Suzanne Schwartz, deputy director at the FDA’s Center for Devices and Radiological Health, said, “Medical devices are becoming increasingly connected, and connected devices have inherent risks, which make them vulnerable to security breaches. These breaches potentially impact the safety and effectiveness of the device and, if not remedied, may lead to patient harm. The FDA recommends that medical device manufacturers stay alert for cybersecurity vulnerabilities and proactively address them by participating in coordinated disclosure of vulnerabilities as well as providing mitigation strategies. An essential part of the FDA’s strategy is working with manufacturers, health care delivery organizations, security researchers, other government agencies and patients to address cybersecurity concerns that affect medical devices in order to keep patients safe.”
Patient Medical Data Highly Vulnerable to Data Breaches
According to a study from Greenbone Networks, nearly one billion medical images have been exposed online. Greenbone carried out an analysis of over 2,300 medical Picture Archiving and Communication Systems (PACS) servers. PACS servers are governed by a standard called DICOM (Digital Imaging and Communications in Medicine). This standard lays out guidelines for networked medical imaging devices to exchange and archive information about patients and images. DICOM makes use of the IP protocol. PACS servers digitally archive medical images (such as X-ray, CT, and MRI scans), which can be shared with or accessed by the attending provider from anywhere across the globe.