TechRepublic: “Kaspersky security researchers announced this week that a popular data transfer protocol used by healthcare devices is full of critical vulnerabilities. Researchers identified 33 weaknesses in 2021, which is an increase over problems found in 2020. Kaspersky reported that 90 vulnerabilities have been identified since 2014. That total includes critical vulnerabilities that are still unpatched, according to the analysis. Researchers also found vulnerabilities in the Qualcomm Snapdragon Wearable platform, which is also used in many wearable health trackers. The MMQT protocol is often used in devices used for remote patient monitoring. These devices record continuously or intermittently heart activity and other health metrics. The problem with the MMQT is that authentication is “completely optional and rarely includes encryption,” according to Kaspersky. This makes the protocol “highly susceptible to man-in-the-middle attacks ” and puts medical data, personal information and potentially a person’s location at risk for theft. Maria Namestnikova, head of the Russian Global Research and Analysis Team at Kaspersky, said in a press release that telehealth services extend well beyond video calls. “We’re talking about a whole range of complex, rapidly evolving technologies and products, including specialized applications, wearable devices, implantable sensors and cloud-based databases,” she said. “However, many hospitals are still using untested third-party services to store patient data, and vulnerabilities in healthcare wearable devices and sensors remain open.”…
Sorry, comments are closed for this post.