HomeLatest NewsFederal NewsFBI Recommends Action to Protect Vulnerable Medical Devices from Cyberattacks

FBI Recommends Action to Protect Vulnerable Medical Devices from Cyberattacks

The FBI recently released recommendations to help protect medical devices from cyberattacks that can threaten health care operations, patient safety, and data privacy and integrity, citing a growing number of unpatched medical device vulnerabilities.

“This past June, the AHA issued a letter of support to Congress for pending legislation known as the PATCH Act,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “The letter echoed the need for medical device manufacturers to implement increased cybersecurity requirements for medical devices. Cyber vulnerabilities in medical devices, often containing outdated legacy technology, have posed a significant cyber risk to hospitals. In 2017, the FBI reported that the North Korean WannaCry global health care ransomware attack was fueled by vulnerabilities in medical devices.

“The pending legislation would require medical device manufacturers to monitor and identify post-market vulnerabilities in a timely manner, develop a plan for coordinated vulnerability disclosure, provide lifetime cybersecurity support of the device and provide an accounting of all software contained in the device, including third party software.

“In the interim, it is good practice to increase cybersecurity requirements in medical device and medical technology business associate agreements. An excellent resource for medical technology model contract language can be found here.”

For more information on this or other cyber and risk issues, contact John Riggi at jriggi@aha.org

Stay Connected

Unified Voice Newsletter

Events This Month


26sep11:00 am12:00 pmFall Prevention: Keeping our older patients Standing StrongSDAHO Webinar

26sep12:00 pm1:00 pmApprenticeships: Build Your Team and Strengthen the Aging Services Workforce

27sep12:00 pm1:00 pmAchieving Sustained Reduction in Blood Culture ContaminationAHA Webinar

27sepAll Day28SD Rural Health Equity SummitWest River AHEC

28sep12:00 pm1:30 pmGrievance and Complaints: Ensuring Hospitals Compliance with the CMS COPs, Joint Commission, DNV Standards and OCRSDAHO Webinar

By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact