Bluetooth Vulnerability for Dental Offices
US-CERT is aware of a collection of Bluetooth vulnerabilities, known as BlueBorne, potentially affecting millions of unpatched mobile phones, computers, and Internet of Things (IoT) devices that may be in use at HIPAA coverered entities like dental offices.
A remote attacker could exploit several of these vulnerabilities to take control of affected devices that may have access to ePHI on the network. HIPAA and Security Officers should include this threat in their next Risk Assessment and create policies to protect against this vulnerability until devices and software using bluetooth are updated..
US-CERT recommends that users and administrators read Vulnerability Note VU#240311 for more information.