Unpatched Security Bugs in Medical Wearables Allow Patient Tracking, Data Theft

Rising critical unpatched vulnerabilities and a lack of encryption leave medical device data defenseless, researchers warn.

Telehealth care is on the rise as medical service providers cope with the strain of a pandemic and rising costs. But the rush to roll out remote healthcare has also unleashed a universe of wearable medical devices that collect sensitive data, and researchers say those devices are widely vulnerable to attack.

Analysts with Kaspersky Labs reported finding 33 vulnerabilities last year in the most widely used data transfer protocol for internet of things (IoT) medical devices, known as MQTT — that’s 10 more than the previous year. All of them put patient data at risk, the team warned.

To put those numbers in perspective, the analysts at Kaspersky said only 90 vulnerabilities in MQTT have been reported since 2014. Worse yet, many of those bugs are still unpatched, they added.

“Overall, we expected that 2021 would be a year of greater collaboration between the medical sector and IT security specialists,” the Kaspersky team said. “In some ways, our expectations were met, but the explosive growth of telehealth has brought new challenges to this collaboration which have yet to be

