Medical infusion-pump system has two serious bugs, researchers say
Researchers found two vulnerabilities in a type of medication-pump system for hospital patients that could allow a hacker to disable the device, infect it with malware or create false readings.
The system, the Alaris Gateway Workstation, is made by Becton, Dickinson and Company.
The more severe vulnerability is in the workstation’s firmware and could allow an attacker to “brick” the workstation, rendering it useless unless it is returned to the manufacturer for repair. The other vulnerability could let a hacker alter the workstation’s network configuration and monitor the pump’s status. The Department of Homeland Security’s industrial control system unit issued an advisory that advised organizations on mitigating risk stemming from the vulnerabilities.
Sean Lyngaas has the story.