hacking medical devices | Breaking Cybersecurity News | The Hacker News

An analysis of data crowdsourced from more than 200,000 network-connected infusion pumps used in hospitals and healthcare entities has revealed that 75% of those medical devices contain security weaknesses that could put them at risk of potential exploitation. "These shortcomings included exposure to one or more of some 40 known cybersecurity vulnerabilities and/or alerts that they had one or more of some 70 other types of known security shortcomings for IoT devices," Unit 42 security researcher Aveek Das  said  in a report published Wednesday. Palo Alto Networks' threat intelligence team said it obtained the scans from seven medical device manufacturers. On top of that, 52.11% of all infusion pumps scanned were susceptible to two known vulnerabilities that were disclosed in 2019 as part of 11 flaws collectively called " URGENT/11 " – CVE-2019-12255  (CVSS score: 9.8) – A buffer overflow flaw in the TCP component of Wind River VxWorks CVE-2019-12264  (CVS

The U.S. Department of Homeland Security Thursday issued an advisory warning people of severe vulnerabilities in over a dozen heart defibrillators that could allow attackers to fully hijack them remotely, potentially putting lives of millions of patients at risk. Cardioverter Defibrillator is a small surgically implanted device (in patients' chests) that gives a patient's heart an electric shock (often called a countershock) to re-establish a normal heartbeat. While the device has been designed to prevent sudden death, several implanted cardiac defibrillators made by one of the world's largest medical device companies Medtronic have been found vulnerable to two serious vulnerabilities. Discovered by researchers from security firm Clever Security, the vulnerabilities could allow threat actors with knowledge of medical devices to intercept and potentially impact the functionality of these life-saving devices. "Successful exploitation of these vulnerabilities

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

Internet-of-things are turning every industry into the computer industry, making customers think that their lives would be much easier with smart devices. However, such devices could potentially be compromised by hackers. There are, of course, some really good reasons to connect certain devices to the Internet. But does everything need to be connected? Of course, not—especially when it comes to medical devices. Medical devices are increasingly found vulnerable to hacking. Earlier this month, the US Food and Drug Administration (FDA) recalled 465,000 pacemakers after they were found vulnerable to hackers. Now, it turns out that a syringe infusion pump used in acute care settings could be remotely accessed and manipulated by hackers to impact the intended operation of the device, ICS-CERT warned in an advisory issued on Thursday. An independent security researcher has discovered not just one or two, but eight security vulnerabilities in the Medfusion 4000 Wireless Syringe

" If you want to keep living, Pay a ransom, or die ." This could happen, as researchers have found thousands of vulnerabilities in Pacemakers that hackers could exploit. Millions of people that rely on pacemakers to keep their hearts beating are at risk of software glitches and hackers, which could eventually take their lives. A pacemaker is a small electrical battery-operated device that's surgically implanted in the chest to help control the heartbeats. This device uses low-energy electrical pulses to stimulate the heart to beat at a normal rate. While cyber security firms are continually improving software and security systems to protect systems from hackers, medical devices such as insulin pumps or pacemakers are also vulnerable to life-threatening hacks. In a recent study, researchers from security firm White Scope analysed seven pacemaker products from four different vendors and discovered that they use more than 300 third-party libraries, 174 of which are

Computer viruses do not discriminate. They are not just hacking your email and online banking accounts anymore. Computer viruses do not distinguish between a personal computer or a hospital machine delivering therapy to patients — and the results could prove deadly. Cyber attacks on hospitals have emerged as a significant cyber security risk in 2016, which not only threaten highly sensitive information but also potentially harm the very lives of those being protected. In the latest incident, hundreds of planned operations, outpatient appointments, and diagnostic procedures have been canceled at multiple hospitals in Lincolnshire, England, after a "major" computer virus compromised the National Health Service (NHS) network on Sunday. In a bright-red alert warning labeled "Major incident" on its website, the Northern Lincolnshire and Goole NHS Foundation Trust (NLAG) said its systems in Scunthorpe and Grimsby were infected with a virus on October 30. Th