Security researchers, manufacturers and the FDA are aware that the following operating systems are affected, but the vulnerability may not be included in all versions of these operating systems:
VxWorks (by Wind River)
Operating System Embedded (OSE) (by ENEA)
Ad Statistics
Times Displayed: 50213
Times Visited: 1424 Ampronix, a Top Master Distributor for Sony Medical, provides Sales, Service & Exchanges for Sony Surgical Displays, Printers, & More. Rely on Us for Expert Support Tailored to Your Needs. Email info@ampronix.com or Call 949-273-8000 for Premier Pricing.
INTEGRITY (by GreenHills)
ThreadX (by Microsoft)
ITRON (by TRON)
ZebOS (by IP Infusion)
The agency is asking manufacturers to work with health care providers to determine which medical devices, either in their health care facility or used by their patients, could be affected by URGENT/11 and develop risk mitigation plans. Patients should talk to their health care providers to determine if their medical device could be affected and to seek help right away if they notice the functionality of their device has changed.
The FDA takes reports of vulnerabilities in medical devices very seriously and today’s safety communication includes recommendations to manufacturers for continued monitoring, reporting and remediation of medical device cybersecurity vulnerabilities. The FDA is recommending that manufacturers conduct a risk assessment, as described in the FDA’s cybersecurity postmarket guidance, to evaluate the impact of these vulnerabilities on medical devices they manufacture and develop risk mitigation plans. Medical device manufacturers should work with operating system vendors to identify available patches and other recommended mitigation methods, work with health care providers to determine any medical devices that could potentially be affected, and discuss ways to reduce associated risks.
Some medical device manufacturers are already actively assessing which devices may be affected by URGENT/11 and are identifying risk and remediation actions. In addition, several manufacturers have already proactively notified customers of affected products, which include medical devices such as an imaging system, an infusion pump and an anesthesia machine. The FDA expects that additional medical devices with one or more of the cybersecurity vulnerabilities will be identified.
“While we are not aware of patients who may have been harmed by this particular cybersecurity vulnerability, the risk of patient harm if such a vulnerability were left unaddressed could be significant,” said Suzanne Schwartz, M.D., MBA, deputy director of the Office of Strategic Partnerships and Technology Innovation in the FDA’s Center for Devices and Radiological Health. “The safety communication issued today contains recommendations for what actions patients, health care providers and manufacturers should take to reduce the risk this vulnerability could pose. It’s important for manufacturers to be aware that the nature of these vulnerabilities allows the attack to occur undetected and without user interaction. Because an attack may be interpreted by the device as a normal network communication, it may remain invisible to security measures.”
