Thousands of medical pumps could be vulnerable to dangerous security bugs

By Scott Marlette Last updated Mar 3, 2022

Tens of thousands of smart medical infusion pumps are carrying known flaws and are vulnerable to data exfiltration and other attacks, experts have claimed.

Cybersecurity researchers from Palo Alto Networks recently examined 200,000 internet-connected infusion pumps and found that three quarters (75%) are running with known security issues.

Furthermore, between 30,000 and 100,000 devices are vulnerable to various critical security flaws, whose average severity hovers around 9.8 out of 10.

Updating the inventory list

The most prevalent of all vulnerabilities, the report adds, is CVE-2019-12255, a memory corruption bug in the VxWorks real-time operating system (RTOS). This one was found in more than half (52 percent) of all infusion pumps, or 104,000 endpoints.

In total, 11 vulnerabilities were labeled as “urgently needs addressing”.

The problem, however, doesn’t seem to be with the device manufacturers. The fixes for most of these vulnerabilities have been available for quite some time now. The problem is in the operators who aren’t updating them or managing them in a timely fashion.

The bugs carry a wide variety of dangers, the publication further states, from unauthorized cleartext data transmission, to hardcoded credentials and incorrect permissions.

For some of the vulnerabilities, there are no patches yet, but mitigations are available.

Discussing the findings in a blog post, Palo Alto Networks urged all healthcare providers to be more proactive with their cybersecurity strategies, and make sure their devices are safe from malware and other threats. For starters, they should keep an updated inventory of all the endpoints found on their network.

While some of the flaws found in the devices are “not practical”, they are a “risk to the general security of healthcare organizations and the safety of patients,” Palo Alto concluded.

Healthcare providers are often in threat actors’ crosshairs, as the sensitivity of the data they generate makes them a lucrative ransomware target.

Via: BleepingComputer

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.