U.S. flag An official website of the United States government

On Oct. 1, 2024, the FDA began implementing a reorganization impacting many parts of the agency. We are in the process of updating FDA.gov content to reflect these changes.

  1. Home
  2. Drugs
  3. Development & Approval Process | Drugs
  4. CDER Small Business & Industry Assistance (SBIA)
  5. BlackBerry QNX Cybersecurity Vulnerabilities May Affect Drug Manufacturing Equipment
  1. CDER Small Business & Industry Assistance (SBIA)

BlackBerry QNX Cybersecurity Vulnerabilities May Affect Drug Manufacturing Equipment

The U.S. Food and Drug Administration is informing patients, health care providers, and manufacturers about cybersecurity vulnerabilities with a “real-time operating system (RTOS)” designed by QNX and owned by BlackBerry. These vulnerabilities may introduce risks for certain medical devices and drug manufacturing equipment. FDA is not aware of any confirmed adverse events related to these vulnerabilities. Manufacturers are assessing which equipment or systems may be affected by the BlackBerry QNX cybersecurity vulnerability, evaluating the risk, and developing mitigations, including deploying patches from BlackBerry.

Read more about the RTOS vulnerability.

Report Security Impacts 

If your organization is impacted by the BlackBerry QNX cybersecurity vulnerability, please contact FDA. Drug manufacturers regulated by the Center for Drug Evaluation and Research should contact: cdercybersecurity@fda.hhs.gov. Please include the product(s), equipment, and/or system(s) that use the vulnerable RTOS and any identified or possible impacts. 

Questions?

If you have questions about this cybersecurity vulnerability, contact the Cybersecurity and Infrastructure Security Agency (CISA)
 

Back to Top