SweynTooth Cybersecurity Vulnerabilities Put Dozens of Medical Devices at Risk

A family of 12 cybersecurity bugs associated with Bluetooth Low Energy (BLE) may introduce risks for some medical devices, FDA said Tuesday in a safety notice to patients, providers, and manufacturers. The vulnerabilities, dubbed SweynTooth, don't exist in BLE itself but in development kits that come with certain system-on-a-chip (SoC) products.

FDA said it is aware of several SoC manufacturers that are affected by these vulnerabilities:

- Texas Instruments
- NXP
- Cypress
- Dialog Semiconductors
- Microchip
- STMicroelectronics
- Telink Semiconductor

Medical device manufacturers are already assessing which devices are affected by SweynTooth, evaluating the risk, and developing remediation actions, FDA noted.

The agency issued the following recommendations for manufacturers:

- If your device or any device that communicates with your device uses BLE technology, evaluate how it is impacted by these vulnerabilities.
- Conduct a risk assessment, as described in FDA’s cybersecurity postmarket guidance, to evaluate the impact of these vulnerabilities to affected devices and develop risk mitigation plans. Mitigations should include compensating controls while you are developing software patches.
- Work with healthcare providers, facilities, and patients to determine which medical devices are affected and to take actions to ensure that risks are reduced to acceptable levels.
- Where possible, monitor medical devices for any signs of unusual...
Source: MDDI - Category: Medical Devices Authors: Tags: Digital Health Source Type: news