Dangerous vulnerabilities detected in medical equipment from Becton, Dickinson and Company

CyberMDX security researchers discovered vulnerabilities in Becton, Dickinson and Company medical equipment, potentially allowing attackers to harm patients.

According to the researchers, two vulnerabilities in infusion pumps Alaris Gateway Workstation manufactured by Becton, Dickinson and Company allow an attacker to disable the device, infect it with malware or modify indicators.

“In emergency cases, attacker can even interact directly with the pumps and change the dosage of the drug and the rate of infusion,” – said the researchers.

The most dangerous of the two vulnerabilities affects the firmware of the workstation and allows completely disable the equipment, turning it into a useless “brick”. To restore the workstation, it will have to be sent to the manufacturer.

A less dangerous vulnerability allows an attacker to change the network configuration settings of the workstation and monitor the status of the pump.

Becton, Dickinson and Company released firmware updates that fix both vulnerabilities.

Infusion pump – medical equipment designed for long-term, metered, controlled injection of solutions, highly active drugs, nutrients to the patient. As a rule, infusion pumps are used for intravenous fluids.

The National Cybersecurity & Communications Integration Center (NCCIC) recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities.

Specifically, users should:

  • Minimize network exposure for all medical devices and/or systems.
  • Locate medical devices behind firewalls and isolate them where possible.
  • Restrict system access to authorized personnel only and follow a least privilege approach.
  • Apply defense-in-depth strategies.
  • Disable any unnecessary accounts, protocols and services.

NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.


User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button