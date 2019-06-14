Show More Results

Latest in Gear

Image credit: Alaris
save
Save
share

Bugs in a popular hospital pump may let attackers alter drug dosages

Homeland Security is advising hospitals to update their software.
Mariella Moon, @mariella_moon
1h ago in Security
Comments
45 Shares
Share
Tweet
Share
Save

Sponsored Links

Alaris

Healthcare security firm CyberMDX has discovered two bugs affecting a popular infusion pump, allowing hijackers to remotely access and control it. Homeland Security has disclosed the vulnerabilities in the Alaris Gateway Workstation, a hospital pump that delivers fluids such as insulin into a patient's body in a controlled manner, detailing how they can be exploited and fixed. The researchers found that attackers could exploit the bugs to install malware on the pump's onboard computer running Windows CE, which powers and controls the device.

They also found that attackers can use the vulnerabilities to remotely kick the pumps offline, as well as adjust specific commands. For instance, they could change its configuration, which will alter infusion rates and change the dosages patients get. CyberMDX told TechCrunch that creating an attack kit is "quite easy," but the actual infiltration process can be pretty complex. It requires multiple steps and, among other things, the knowledge of a particular workstation's IP address. As TC noted, it'll be hard to actually kill a patient using the bugs.

Even so, hospitals are advised to secure their devices by updating their software -- the bugs can only be exploited on older firmware. Especially since the pump is just one of the medical devices that can be hijacked these days. Vulnerabilities in medical equipment have become a big issue lately that the FDA is asking manufacturers to boost their cybersecurity measures and protect products like pacemakers and insulin pumps from cyberattacks.

Via: TechCrunch
Source: CyberMD, Department of Homeland Security
In this article: gear, security
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
45 Shares
Share
Tweet
Share
Save
Comments
Sign In

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr