Search for:

In brief

On 1 September 2021, the Health Sciences Authority (HSA) published an advisory warning stakeholders of a new suite of cybersecurity vulnerabilities, known as “BrakTooth”, affecting medical devices that utilize certain Bluetooth Link Manager Protocols.


Recommended actions

For more information on the BrakTooth vulnerabilities and on how to identify whether your medical device is affected, the HSA recommends referring to the Singapore Computer Emergency Response Team (SingCERT) alert here, as well as the Singapore University of Technology and Design publication on BrakTooth here.

In depth

On 1 September 2021, the HSA published an advisory warning stakeholders of a new suite of cybersecurity vulnerabilities, known as “BrakTooth”, affecting medical devices that utilize certain Bluetooth Link Manager Protocols.

The BrakTooth vulnerabilities allow attackers within radio range to trigger crashes or deadlocks, or execute arbitrary code that will cause the device’s critical functions to fail.

Security patches developed by the respective Bluetooth chip developers have to be applied to affected devices in order to resolve the vulnerabilities.

Industry stakeholders have been advised to run checks on their existing medical devices to see if there are any devices affected by BrakTooth. Where there are vulnerabilities identified, stakeholders should report the matter (including the affected devices) to HSA at [email protected].

Stakeholders are also advised to conduct risk assessments in relation to the vulnerabilities, including on the impact on the affected medical device’s intended use. The vulnerabilities should also be proactively conveyed to healthcare institutions and to end users of the affected medical devices, alongside recommended steps to take to reduce potential harm to users and patients.

SingCERT, which is the official government agency facilitating the detection, resolution and prevention of cybersecurity incidents in Singapore, has recommended that users and administrators of the compromised devices immediately install the latest security updates from the relevant manufacturers. As a short-term mitigation measure, turning off the device’s Bluetooth communications protocol when not in use is also advised.

LOGO_Wong&Leow_Singapore

Baker McKenzie Wong & Leow is a member firm of Baker & McKenzie International, a global law firm with member law firms around the world. In accordance with the common terminology used in professional service organizations, reference to a “partner” means a person who is a partner or equivalent in such a law firm. Similarly, reference to an “office” means an office of any such law firm. This may qualify as “Attorney Advertising” requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome.

Author

Andy Leck is the managing principal of Baker McKenzie.Wong & Leow. Mr. Leck is recognised by the world’s leading industry and legal publications as a leader in his field. Asian Legal Business notes that he “always gives good, quick advice, [is] client-focused and has strong technical knowledge for his areas of practice”. Alongside his current role as managing principal, Mr. Leck has held several leadership positions in the Firm and externally as a leading IP practitioner. He currently serves on the International Trademark Association's Board of Directors and is a member of the Singapore Copyright Tribunal.

Author

Ren Jun is an associate principal of Baker & McKenzie.Wong & Leow. Ren Jun extensively represents local and international intellectual property-intensive clients in both contentious and non-contentious IP matters, such as anti-counterfeiting; civil and criminal litigation; commercial issues; regulatory clearance; and advertising laws. Ren Jun also advises on a wide range of issues relating to the healthcare industries. These include regulatory compliance in respect of drugs, medical devices, clinical trials, health supplements and cosmetics; product liability and recall; and anti-corruption. Ren Jun is currently a member of the Firm's Asia Pacific Healthcare ASEAN Economic Community; Product Liability and Regulatory Sub-Committees.

Write A Comment