Medical infusion-pump system has two serious bugs, researchers say

[InfoSec News <alerts () infosecnews org>]

https://www.cyberscoop.com/medical-infusion-pump-system-two-critical-bugs-researchers-say/

By Sean Lyngaas
CYBERSCOOP
June 13, 2019

Researchers have found two vulnerabilities in a type of infusion-pump 
system, which hospitals used to administer medication, that they say could 
allow a hacker to disable the device, infect it with malware, or create 
false readings.

The vulnerabilities are in a pump system known as the Alaris Gateway 
Workstation made by Becton, Dickinson and Company (BD), a New Jersey-based 
medical equipment vendor.

“In extreme cases, the attacker could even communicate directly with pumps 
connected to the gateway to alter drug dosages and infusion rates,” 
researchers from CyberMDX, a medical-device security company that found 
the flaws, said in a press release Thursday.

The more severe vulnerability is in the workstation’s firmware and could 
allow an attacker to “brick” the workstation, rendering it useless unless 
it is returned to the manufacturer for repair. The other vulnerability 
could let a hacker alter the workstation’s network configuration and 
monitor the pump’s status. Firmware updates issued by the company fix the 
bugs.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_