The U.S. Food and Drug Administration is informing patients, health care providers, and manufacturers about cybersecurity vulnerabilities with a “real-time operating system (RTOS)” designed by QNX and owned by BlackBerry. These vulnerabilities may introduce risks for certain medical devices and drug manufacturing equipment. FDA is not aware of any confirmed adverse events related to these vulnerabilities. Manufacturers are assessing which equipment or systems may be affected by the BlackBerry QNX cybersecurity vulnerability, evaluating the risk, and developing mitigations, including deploying patches from BlackBerry.
Read more about the RTOS vulnerability.
Report Security Impacts
If your organization is impacted by the BlackBerry QNX cybersecurity vulnerability, please contact FDA. Drug manufacturers regulated by the Center for Drug Evaluation and Research should contact: firstname.lastname@example.org. Please include the product(s), equipment, and/or system(s) that use the vulnerable RTOS and any identified or possible impacts.
If you have questions about this cybersecurity vulnerability, contact the Cybersecurity and Infrastructure Security Agency (CISA).