DHS Issues Warning About Cybersecurity Vulnerabilities in Wireless Infusion Pumps

Healthcare Informatics Magazine

September 12, 2017
by Heather Landi

The U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (DHS ICS-CERT) last week issued an advisory outlining eight vulnerabilities in Smiths Medical’s Medfusion 4000 Wireless Syringe Infusion Pump.

The vulnerabilities, identified by independent researcher Scott Gayou, could be exploited remotely, according to DHS ICS-CERT. “Successful exploitation of these vulnerabilities may allow a remote attacker to gain unauthorized access and impact the intended operation of the pump. Despite the segmented design, it may be possible for an attacker to compromise the communications module and the therapeutic module of the pump,” the agency wrote. “Impact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment and specific clinical usage.”

Smiths Medical plans to release a new product version to address these vulnerabilities in January 2018. In the interim, NCCIC/ICS-CERT recommends that users apply the identified compensating controls until the new version can be applied.

According to the advisory, Smiths Medical recommends users apply the following defensive measures:

  • Assign static IP addresses to the Medfusion 4000 Wireless Syringe Infusion Pump.
  • Monitor network activity for rogue DNS and DHCP servers.
  • Ensure that the network segments on which the Medfusion 4000 medical infusion pumps are installed are segmented from other hospital and clinical information technology infrastructure.
  • Consider network micro-segmentation.
  • Consider using virtual local area networks (VLANs) to segment the Medfusion 4000 medical infusion pumps.
  • Apply proper password hygiene standards across systems (i.e., use uppercase, lowercase, special characters, and a minimum character length of eight).
  • Do not re-use passwords.
  • Routinely take backups and perform routine evaluations.

 
