FDA issues new cybersecurity warning

AuntMinnie.com staff writers
Oct 1, 2019
2016 09 02 09 36 05 93 Fda Logo V2 400

The U.S. Food and Drug Administration (FDA) has issued a safety communication on the potential risks for medical devices -- including imaging systems -- and hospital networks from the so-called Urgent/11 cybersecurity vulnerabilities.

Urgent/11 refers to 11 vulnerabilities identified by a security firm in IPnet, a third-party software application that computers use to communicate with each other over a network, according to the FDA. The software is part of several operating systems and may be incorporated into other software applications, equipment, and systems. It may be used in a wide range of medical and industrial devices, the agency said.

These 11 vulnerabilities (Urgent/11) could allow a remote user to take control of a medical device and change its function, cause denial of service, or cause information leaks or logical flaws that prevent a device from functioning properly at all, according to the FDA.

"Though the IPnet software may no longer be supported by the original software vendor, some manufacturers have a license that allows them to continue to use it without support," the agency wrote. "Therefore, the software may be incorporated into a variety of medical and industrial devices that are still in use today."

Although the FDA has not yet received any adverse event reports associated with these vulnerabilities, it noted that several manufacturers have notified their customers about affected devices, which include an imaging system, an infusion pump, and an anesthesia machine. Additional medical devices will likely be identified that contain one or more of the vulnerabilities associated with the original IPnet software, according to the FDA.

The FDA said it is aware of the following operating systems being affected by Urgent/11:

  • VxWorks (Wind River)
  • Operating System Embedded (OSE) (Enea)
  • Integrity (Green Hills)
  • ThreadX (Microsoft)
  • ITRON (TRON)
  • ZebOS (IP Infusion)

The vulnerability may not be included in all versions of these operating systems, the FDA noted.

The agency is asking manufacturers to work with healthcare providers to determine which medical devices, either in their healthcare facility or used by their patients, could be affected by Urgent/11 and to develop risk-mitigation plans. Furthermore, the FDA is recommending that patients talk to their healthcare providers to determine if their medical device could be affected and to seek help right away if they notice the functionality of their device has changed.

The safety communication can be found on the FDA's website.

Latest in IS
2017 03 30 15 16 56 745 Mammogram Calendar 400
Can self-scheduling and referral close breast cancer screening gaps?
July 31, 2023
2018 11 19 17 20 4754 Back Pain 400
Simple EHR intervention reduces unnecessary lower-back x-rays
July 30, 2023
2020 01 28 20 45 5229 Cloud Computing Laptop 400
Amazon Web Services releases imaging data platform
July 25, 2023
2021 06 16 23 10 5735 Student Doctor Laptop Test 400
Online course teaches students about appropriate imaging use
July 19, 2023
Related Stories
2021 08 10 16 10 2928 Cybersecurity Lock V2 400
IS
Cybersecurity comes under intense scrutiny at RSNA 2021
2016 09 02 09 28 19 895 Fda Logo 400
MRI
FDA OKs implantable device software tool for MRI
2019 11 01 22 16 2253 Hahn Stephen 20191101221734
Radiation Oncology/Therapy
Senate confirms Hahn as FDA commissioner
2019 03 26 18 32 2300 Computer Hacker Security 400
Artificial Intelligence
AI-cyberterrorism in radiology: Threat or red herring?
More in IS
Can self-scheduling and referral close breast cancer screening gaps?
By Amerigo Allegretto
Online patient portal self-scheduling and self-referral methods can help mitigate health disparities in breast cancer screening, according to research published July 26 in the Journal of the American College of Radiology.
July 31, 2023
2017 03 30 15 16 56 745 Mammogram Calendar 400
Simple EHR intervention reduces unnecessary lower-back x-rays
By Kate Madden Yee
A relatively simple electronic health record (EHR) intervention reduces the incidence of unnecessary x-rays for patients presenting with low back pain, a study published July 28 in the Journal of the American College of Radiology has found.
July 30, 2023
2018 11 19 17 20 4754 Back Pain 400
Amazon Web Services releases imaging data platform
By AuntMinnie.com staff writers
Amazon Web Services has launched an imaging data platform for storing, accessing, and analyzing medical images at petabyte scale.
July 25, 2023
2020 01 28 20 45 5229 Cloud Computing Laptop 400
Online course teaches students about appropriate imaging use
By Amerigo Allegretto
An online elective course can effectively educate radiology students on the concept of appropriateness in medical imaging, according to an Israeli study published July 18 in Academic Radiology.
July 19, 2023
2021 06 16 23 10 5735 Student Doctor Laptop Test 400
CMS proposes radiology reimbursement cuts, AUC pause for 2024 MPFS
By Erik L. Ridley
In what has seemingly become an annual event, the U.S. Centers for Medicare and Medicaid Services (CMS) has once again included radiology reimbursement cuts in its Medicare Physician Fee Schedule (MPFS) Proposed Rule.
July 13, 2023
2019 07 31 17 01 7432 Medicare Puzzle 400
Summary reports improve CT planning for ovarian cancer surgery
By Kate Madden Yee
A synoptic, or summary radiology report, improves pretreatment CT planning for patients with advanced ovarian cancer compared to a simple structured report, according to a study published on July 12 in the American Journal of Roentgenology.
July 12, 2023
2023 07 12 19 50 6142 2023 07 12 Ajr Ct Ovarian 400
PET/CT shows value in patients with portal vein thrombosis
By Will Morton
PET/CT could be a valuable new imaging technique for distinguishing benign from malignant portal vein thrombosis in liver cirrhosis patients, according to a group in Egypt.
June 26, 2023
2023 06 22 23 04 9721 2023 06 23 Pet Pvt 20230622231003
Ransomware affects emergency radiology workflows
By Amerigo Allegretto
Ransomware attacks have a significant effect on emergency radiology workflows, as well as on acute care delivery and the personal well-being of healthcare providers, according to a study published June 15 in the Annals of Emergency Medicine.
June 19, 2023
2021 08 10 16 10 2928 Cybersecurity Lock V2 400
SIIM: Can Microsoft Teams lessen radiologist interruptions?
By Erik L. Ridley
AUSTIN, TX - Asynchronous forms of communication such as Microsoft Teams are much less disruptive to radiologists than phone calls or in-person visits, according to a talk delivered at the annual Society for Imaging Informatics in Medicine (SIIM) meeting.
June 18, 2023
2020 04 16 18 17 3383 Radiologist Ct Scan Brain Tumor 400
Turing debuts MRI visual feedback module at ISMRM 2023
By AuntMinnie.com staff writers
Neuroimaging software company Turing Medical Technologies (formerly Nous Imaging) used the venue of ISMRM 2023 in Toronto to launch FIRMM-pix, an in-bore visual feedback module designed to actively reduce head motion during brain MRI scans.
June 8, 2023
2023 01 30 21 50 9506 Computer Display Monitor Lab Mri V2 400
ImagineSoftware acquires Within Health
By AuntMinnie.com staff writers
Radiology billing and RIS developer ImagineSoftware has acquired artificial intelligence software developer Within Health. Terms of the deal were not disclosed.
May 23, 2023
2020 08 20 17 37 8876 Business Handshake Man 400
DetectedX touts learning platform success
By AuntMinnie.com staff writers
DetectedX is highlighting that the user base for its Radiology Online Learning Centre has exceeded 4,500 users, which the company says range from large radiology groups to individuals around the world.
May 3, 2023
2020 06 16 22 09 9134 Doctor Virtual Meeting Laptop Computer 400
Page 1 of 603
Next Page