Loophole in drug applicator software allowed to duplicate doses

Among all types of cyber attacks, scams against hospitals and care equipment must be among the most frightening. Now, security researchers have added another product to the list of devices with vulnerabilities after a flaw in the Infusomat Space Large Volume and SpaceStation dock, both from manufacturer B. Braun, allowed attackers to automatically double the dose of drugs applied to them. patients.

The infusion pump works in therapies that require high precision and a constant flow of medications, automatically and with intravenous application. According to the researchers at McAfee, responsible for discovering the vulnerability, it was possible to overcome the equipment’s security barriers and change the flow of medication administered, from a hospital network that has been compromised.

Experts did not disclose the details of the flaw, but spoke of exploiting a series of sequential vulnerabilities that lead an attacker from a healthcare organization’s infrastructure to the operating system of the Infusomat SpaceStation, and from there to the individual controls of infusion pumps. Switching off the equipment would draw the attention of professionals, while the duplication of doses could go unnoticed and could cause serious harm to patients.

Want to catch up on the best tech news of the day? Access and subscribe to our new youtube channel, Canaltech News. Everyday a summary of the main news from the tech world for you!

What does the manufacturer say

In a statement sent to Canaltech, B. Braun said it had already worked on a solution for the vulnerability, which was published in mid-May, along with information to affected customers and mitigation guides for any breaches in its internal networks. The manufacturer claimed to have no records of malicious exploits or incidents related to the flaw, which was fixed through a software update.

When asked, the company said it could not report on the presence of vulnerable devices in Brazilian health institutions. On the other hand, B. Braun said it shared the details about the failure with the Center for Health Information Sharing and Analysis (H-ISAC), a global organization working to advance targeted cybersecurity advances. in the sector.

Source: Wired

Did you like this article?

Subscribe your email on Canaltech to receive daily updates with the latest news from the world of technology.

Related Articles

Back to top button