CISA and FDA issues warning about SweynTooth cybersecurity vulnerabilities
The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the US Food and Drug (FDA) has informed patients, healthcare providers, and manufacturers about the cybersecurity vulnerability referred to as ‘SweynTooth’, that may introduce risks for certain medical devices. SweynTooth affects devices that use Bluetooth low energy (BLE). BLE allows devices to exchange information and can be found in medical devices (e.g. pacemakers, stimulators, blood glucose monitors, and insulin pumps); or larger devices in healthcare facilities such as electrocardiograms, monitors, and ultrasound devices. These cybersecurity vulnerabilities may allow an unauthorised user to wirelessly crash the device or access device functions. So far, no events related to these vulnerabilities were reported. Medical device manufacturers are already assessing which devices might be affected while several microchip manufacturers have released patches to deal with the vulnerabilities. In its statement, the FDA is asking manufacturers to reach out to healthcare providers and patients to see whether their medical devices could be affected, and provide ways to reduce any possible risk. The FDA is also recommending patients to talk to their healthcare providers to see if their medical device might be affected.