Widely Used Medical Infusion Pump Can Be Remotely Hijacked

Researchers have found two security vulnerabilities, one severe, in Becton Dickson (BD) infusion pumps: the devices used in hospitals for supplying power and network connectivity to multiple infusion and syringe pumps that deliver fluids, including intravenous fluids, painkillers and medications such as insulin.

Such pumps are often hooked up to a central monitoring station so that hospital staff can check on multiple patients at the same time.

The flaws, in BD’s Alaris Gateway Workstation (AGW), were discovered by the healthcare cybersecurity firm CyberMDX in September 2018. The firm’s researchers said on Thursday that one of the security flaws – the most critical, according to an advisory issued by the Department of Homeland Security (DHS), also on Thursday – could allow the devices to be remotely hijacked and controlled.

Read more at Naked Security

Homeland Security Today

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

See Full Bio