Skip to Content
Security & privacy

Warning: FDA identifies 11 scary security flaws in medical devices

We’re constantly telling you about the latest digital security threats — and for good reason. Crooks are always looking for new ways to rip you off or infect your gadgets with malware.

If you think hackers are solely interested in stealing your money, think again. Sometimes the plot thickens and more devious intentions are at hand.

That’s actually happening right now. The FDA is sounding the alarm on 11 frightening security flaws in medical devices that could pose a threat to your life.

URGENT/11 vulnerabilities pose a serious threat

The FDA released a warning this week to inform patients, health care professionals, IT staff in health care facilities and manufacturers about a set of cybersecurity threats it’s calling “URGENT/11.” If these vulnerabilities are exploited, a remote attacker could alter medical devices and hospital networks. Devices like infusion pumps, anesthesia machines and more are at risk.

The warning stated, “These cybersecurity vulnerabilities may allow a remote user to take control of a medical device and change its function, cause denial of service, or cause information leaks or logical flaws, which may prevent a device from functioning properly or at all.”

This isn’t the first time we’ve heard of URGENT/11. The Department of Homeland Security first told the public about them earlier this July.

These flaws exist in third-party software called IPnet, which is used by computers to communicate with each other over a network. The software is part of several operating systems and could be incorporated into other software applications, equipment and systems.

Here is a list of known operating systems that are affected:

  • VxWorks (by Wind River)
  • Operating System Embedded (OSE) (by ENEA)
  • INTEGRITY (by GreenHills)
  • ThreadX (by Microsoft)
  • ITRON (by TRON)
  • ZebOS (by IP Infusion)

Note: Vulnerabilities may not be included in all versions of these operating systems.

Medical device manufacturers are looking into which devices may be affected and some already started notifying customers of known at-risk medical devices.

FDA recommendations for patients and caregivers

The FDA is working with multiple federal agencies, manufacturers and security researchers to identify, communicate and prevent tragic events related to these vulnerabilities. We’ll keep you posted if significant new information becomes available.

In the meantime, the FDA is asking patients and caregivers to follow these recommendations:

  • Talk to your health care provider to determine if your medical device may be affected. Please be aware that health care providers may not have access to this information at the time of the issuance of this communication. Device manufacturers should be reaching out to their customers as more information becomes available.
  • Seek medical help right away if you think the operation or function of your medical device changes unexpectedly.

If you think you’ve already experienced a problem with your device, the FDA is asking that you report the issue through the MedWatch Voluntary Reporting Form. Tap or click here to file a report.

Learn about the latest tech news before anyone else. Get my free Top Stories newsletter and you’ll be ahead of the game. Tap or click here to sign up now!

Stop robocalls once and for all

Robocalls are not only annoying, but they scam Americans out of millions every year. Learn Kim's tricks for stopping them for good in this handy guide.

Get the eBook