On 15 December 2023, Health Sciences Authority (HSA) Singapore issued a medical device advisory to alert industry stakeholders to cybersecurity vulnerabilities known as “5Ghoul”.
“5Ghoul” affects commercial off-the-shelf (COTS) edge devices using 5G modems. Medical device systems using 5G modems for internet connectivity to function could be attacked in the form of lost, frozen, or downgraded (5G to 4G) connection.
Related details to determine whether or not your medical devices are affected may be referenced in:
- Cyber Security Agency (CSA) of Singapore – [AL-161] Multiple High Severity Vulnerabilities in Qualcomm and MediaTek Products (csa.gov.sg)
- Singapore University of Technology and Design (SUTD) – ASSET Research Group: 5Ghoul (asset-group.github.io)
Currently, modems from Qualcomm and Mediatek are identified to be affected by “5Ghoul”.
HSA urges dealers to work with manufacturers on identifying the affected medical devices, reporting to Authority, performing risk assessments and mitigation measures such as interim controls and thereafter security patching as well as communicating with healthcare providers and end-users.
Likewise, healthcare providers and end-users should proactively work with dealers and manufacturers to manage mentioned risks. For details, please refer to this document.
If you have any queries about this announcement, please do not hesitate to contact us at sales@andamanmed.com or click the button below.