Vulnerability in infusion pump allows medication dose adjustment

Researchers have discovered several vulnerabilities in a B. Braun infusion pump that would allow an attacker to adjust the drug dose. It concerns a total of five security vulnerabilities that were discovered by researchers at security company McAfee .

For example, the authenticity of data is not properly verified. This allows an attacker to send malicious data to the infusion pump that is used instead of the correct data. This is possible due to the lack of a digital signature for the important data sets. Furthermore, it appears that it is possible to upload dangerous file types and thus overwrite important files.

The infusion pump also appears to send sensitive information unencrypted and it is possible to adjust the configuration of the device due to a lack of authentication. The fifth vulnerability allows an unauthenticated attacker to gain command-line access to the infusion pump. In order to carry out the attacks, the attacker must be on the same network as the infusion pump.

The impact of the vulnerabilities was assessed on a scale of 1 to 10 with a 5.8 to 9.7. Manufacturer B. Braun has since released updates . The researchers state that vulnerable versions of the software are still widely used within hospitals and are therefore at risk of attack. Until organizations have installed the updates, it is recommended to monitor the infusion pumps for any attacks.

Previous Post Next Post