https://www.cyberscoop.com/medical-infusion-pump-system-two-critical-bugs-researchers-say/
By Sean Lyngaas
CYBERSCOOP
June 13, 2019
Researchers have found two vulnerabilities in a type of infusion-pump
system, which hospitals used to administer medication, that they say could
allow a hacker to disable the device, infect it with malware, or create
false readings.
The vulnerabilities are in a pump system known as the Alaris Gateway
Workstation made by Becton, Dickinson and Company (BD), a New Jersey-based
medical equipment vendor.
“In extreme cases, the attacker could even communicate directly with pumps
connected to the gateway to alter drug dosages and infusion rates,”
researchers from CyberMDX, a medical-device security company that found
the flaws, said in a press release Thursday.
The more severe vulnerability is in the workstation’s firmware and could
allow an attacker to “brick” the workstation, rendering it useless unless
it is returned to the manufacturer for repair. The other vulnerability
could let a hacker alter the workstation’s network configuration and
monitor the pump’s status. Firmware updates issued by the company fix the
bugs.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
