FDA Safety Communication / Courtesy of FDA, Pixabay and RRY Publications

Recommendations for Manufacturers

  • Conduct a risk assessment.
  • Work with the operating system vendor to identify if a patch is available and implement recommended mitigation methods.
  • Ensure any mitigations you may currently employ (for example: firewalls, virtual private network (VPN)) are not impacted by URGENT/11.
  • Develop a plan for updating your medical device to accommodate a version of an OS (or a communication protocol) that is not impacted by the URGENT/11 vulnerabilities.
  • Work with health care providers and facilities to determine affected medical devices and discuss and develop ways to ensure that risks are reduced to acceptable levels.
  • Communicate with your customers and the user community regarding your assessment and recommendations for risk mitigation strategies and any compensating controls, to allow customers to make informed decisions about device use. Provide an Information Sharing Analysis Organization (ISAO) with any customer communications upon notification of your customers.
  • Report medical devices you’ve identified as vulnerable to URGENT/11 to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) at ICS-CERT@HQ.DHS.GOV, so that this information can be added to its evolving list of products.

Recommendations for Health Care Providers

  • Advise patients who use medical devices that may be affected.
  • Remind patients who use medical devices to seek medical help right away if they think operation or function of their medical device changed unexpectedly.
  • Work with device manufacturers to determine which medical devices in your facilities or in use by your patients could be affected by these vulnerabilities and develop risk mitigation plans.

Recommendations for Health Care Facility Staff (including IT Staff)

  • Monitor your network traffic and logs for indications that an URGENT/11 exploit is taking place.
  • Use firewalls, virtual private networks (VPN), or other technologies that minimize exposure to URGENT/11 exploitation.

Recommendations for Patients and Caregivers

  • Talk to your health care provider to determine if your medical device may be affected. Please be aware that health care providers may not have access to this information at the time of issuance of this communication. Device manufacturers should be reaching out to their customers as more information becomes available.
  • Seek medical help right away if you think operation or function of your medical device changed unexpectedly.

The FDA communication, along with linked resources is available online.

Pages: 1 2

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.