The Food and Drug Administration is warning patients that a recently discovered problem with Bluetooth Low Energy communications may allow computer hackers to remotely disable or access pacemakers, glucose monitors, ultrasound devices and other medical systems.

The FDA says no patients have been reported harmed by the problem, but the software needed to run such an attack is available online.

It’s not yet clear which devices are specifically vulnerable to the problem, though pacemakers, diabetes monitors and ultrasound machines are widely used in health care. Spokespeople with device companies said Tuesday that they were working to find out more information.

“The FDA recommends that medical device manufacturers stay alert for cybersecurity vulnerabilities and proactively address them by participating in coordinated disclosure of vulnerabilities as well as providing mitigation strategies,” Dr. Suzanne Schwartz, a deputy director in the FDA’s Center for Devices and Radiological Health, said in the announcement.

The problem involves a vulnerability referred to in the security community as “SweynTooth.” It allows an unauthorized party to remotely access wireless communications between medical devices that are “paired” over a Bluetooth Low Energy (BLE) connection.

“These cybersecurity vulnerabilities may allow an unauthorized user to wirelessly crash the device, stop it from working, or access device functions normally only available to the authorized user,” the FDA’s alert on Tuesday afternoon says.

The alert is available here: https://www.fda.gov/news-events/press-announcements/fda-informs-patients-providers-and-manufacturers-about-potential-cybersecurity-vulnerabilities-0

