FBI Offers Tips to Mitigate Cyber Vulnerabilities: Home Health Devices Listed as Possible Target

From NAHC: www.nahc.org/NAHCReport/nr150915_2/

September 16, 2015 02:08 PM

The Federal Bureau of Investigation (FBI) released a public service announcement (PSA) on the Internet of Things (IoT), defined as “any object or device which connects to the Internet to automatically send and/or receive data,” and on the vulnerability of IoT devices to cybercrime.

“As more businesses and homeowners use web-connected devices to enhance company efficiency or lifestyle conveniences, their connection to the Internet also increases the target space for malicious cyber actors,” the FBI stated in the PSA. “Similar to other computing devices, like computers or Smartphones, IoT devices also pose security risks to consumers. The FBI is warning companies and the general public to be aware of IoT vulnerabilities cybercriminals could exploit, and offers some tips on mitigating those cyber threats.”

Among the examples of possible targets listed by the FBI were home health monitoring devices: “Criminals can also gain access to unprotected devices used in home health care, such as those used to collect and transmit personal monitoring data or time-dispense medicines. Once criminals have breached such devices, they have access to any personal or medical information stored on the devices and can possibly change the coding controlling the dispensing of medicines or health data collection. These devices may be at risk if they are capable of long-range connectivity.”

Following are the protection and defense recommendations the FBI provided:

  • Isolate IoT devices on their own protected networks;
  • Disable UPnP on routers;
  • Consider whether IoT devices are ideal for their intended purpose;
  • Purchase IoT devices from manufacturers with a track record of providing secure devices;
  • When available, update IoT devices with security patches;
  • Consumers should be aware of the capabilities of the devices and appliances installed in their homes and businesses. If a device comes with a default password or an open Wi-Fi connection, consumers should change the password and only allow it to operate on a home network with a secured Wi-Fi router;
  • Use current best practices when connecting IoT devices to wireless networks, and when connecting remotely to an IoT device;
  • Patients should be informed about the capabilities of any medical devices prescribed for at-home use. If the device is capable of remote operation or transmission of data, it could be a target for a malicious actor;
  • Ensure all default passwords are changed to strong passwords. Do not use the default password determined by the device manufacturer. Many default passwords can be easily located on the Internet. Do not use common words and simple phrases or passwords containing easily obtainable personal information, such as important dates or names of children or pets. If the device does not allow the capability to change the access password, ensure the device providing wireless Internet service has a strong password and uses strong encryption.
