Sep 7, 2021

The Health Sciences Authority (HSA), Singapore’s medical device market regulator, has issued recommendations for some medical devices utilizing Bluetooth connectivity to protect against new cybersecurity vulnerabilities.

According to a recent alert from the HSA, the new vulnerabilities, collectively known as “BrakTooth,” target connected medical devices that incorporate Bluetooth Link Manager Protocols; at least 10 device manufacturers with products using Bluetooth Classic chips have been affected to far, according to the regulator.

A BrakTooth breach may allow hackers or unauthorized users to access an affected device and impair critical functions, requiring security patches from Bluetooth chip developers to protect against these cyber vulnerabilities.

What impacted manufacturers should do in the face of BrakTooth

The HSA lists several steps manufacturers of affected devices available on the Singapore market should take in order to mitigate risks posed by BrakTooth.

First, manufacturers should refer to the Singapore Computer Emergency Response Team (SingCERT) or the Singapore University of Technology and Design (SUTD) for resources and methods to determine whether their devices are impacted by the BrakTooth vulnerabilities.

Manufacturers and industry stakeholders whose devices are affected should then proceed as follows:

  • Report impacted medical devices to HSA;
  • Run risk assessments of vulnerabilities pertaining to devices and their intended uses;
  • Develop and implement risk mitigation plans until devices can be properly patched;
  • Install pertinent security patches as soon as possible;
  • Establish timely communications with healthcare providers and users and provide recommendations for actions to prevent or reduce risks to patients and users.

HSA officials will provide further details on BrakTooth vulnerabilities and related medical device safety issues as they become available.

Additional Singapore medical device regulatory and cybersecurity resources from Emergo by UL:

Author

  • Stewart Eisenhart

Related