Critical security vulnerabilities put millions of healthcare devices at risk
Some security flaws have lain dormant for over three decades
Cybersecurity researchers have revealed over a dozen critical vulnerabilities, which they believe could be present in millions of healthcare devices, and which could facilitate a range of attacks including remote code execution, denial of service and data leaks.
Dubbed NUCLEUS:13, the 13 vulnerabilities affecting the Nucleus TCP/IP stack were discovered by researchers at Forescout Research Labs.
The researchers explain that although the Nucleus TCP/IP stack was originally released in 1993, it is still widely used in critical safety devices operated by hospitals and the healthcare industry, including anesthesia machines, patient monitors, building automation systems, lighting controls and ventilation.
“The NUCLEUS:13 report uncovers some serious and urgent threats for the global healthcare industry if these vulnerabilities are not properly addressed and patched. At a time when many hospitals are still dealing with the impact of the pandemic, these vulnerabilities have the potential to cause even more widespread disruption,” explains Daniel dos Santos, Research Manager, Forescout Research Labs.
Hidden for three decades
dos Santos explains that if bad actors were to exploit the bugs, they could take control and potentially shut down several critical hospital systems.
Forescout shares that the vulnerabilities have been lying dormant for the last 30 years in millions of devices that deploy the vulnerable TCP/IP stack owned by Siemens. Analyzing devices by country, the researchers note that the UK is the third most potentially impacted country, preceded by the US and France.
“Our advised mitigations for NUCLEUS:13 include using network segmentation to limit the network exposure of critical vulnerable devices and patching devices as vendors release their patches. Some vulnerabilities can also be mitigated by blocking or disabling support for unused protocols, such as FTP,” suggests dos Santos.
According to an advisory put out by the US Cybersecurity and Infrastructure Security Agency (CISA), Siemens has released updates for several of the affected products, and the agency recommends that all healthcare users update their devices to the latest version without delay.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.