Medical infusion-pump system has two bugs, researchers say

Researchers have found two vulnerabilities in a type of infusion-pump system, which hospitals use to administer medication, that they say could allow a hacker to disable the device, infect it with malware, or create false readings. The vulnerabilities are in a pump system known as the Alaris Gateway Workstation made by Becton, Dickinson and Company (BD), a New Jersey-based medical equipment vendor. “In extreme cases, the attacker could even communicate directly with pumps connected to the gateway to alter drug dosages and infusion rates,” researchers from CyberMDX, a medical-device security company that found the flaws, said in a press release Thursday. The more severe vulnerability is in the workstation’s firmware and could allow an attacker to “brick” the workstation, rendering it useless unless it is returned to the manufacturer for repair. The other vulnerability could let a hacker alter the workstation’s network configuration and monitor the pump’s status. Firmware updates issued […]

The post Medical infusion-pump system has two bugs, researchers say appeared first on CyberScoop.

Pacemaker updates seal vulnerabilities that impact nearly half million U.S. patients

Pacemakers from Abbott Laboratories can be hacked due to three significant vulnerabilities, the Department of Homeland Security’s CERT team announced on Tuesday, prompting the manufacturers to issue updates to address security and dangerous battery problems. It’s a complex and difficult flaw to exploit, according to CERT, but the danger is real. A nearby hacker can gain unauthorized access to the heart implants, allowing them to issue commands, change settings and interfere with the pacemaker’s functionality. The pacemakers deliver electrical pulses to correct a slow, irregular or stopped heart. Interference could result in a target’s death. Attackers have to be within inches of the target to exploit the vulnerability via radio frequency (RF) communications. The pacemakers impacted are the following St. Jude Medical pacemaker and CRT-P devices: Accent, Anthem, Accent MRI, Accent ST, Assurity and Allure. MedSec Holdings, a third-party security research firm, identified the vulnerabilities in the devices made by Abbott Laboratories, formerly known as […]

The post Pacemaker updates seal vulnerabilities that impact nearly half million U.S. patients appeared first on CyberScoop.

FDA Demands St. Jude Take Action on Medical Device Security

The FDA sent Abbott Laboratories a warning letter citing that it had inadequately addressed the security of the maligned Merlin@home Transmitter.

Justine Bone on St. Jude Vulnerabilities and Medical Device Security

MedSec CEO Justine Bone talks to Mike Mimoso about the St. Jude Medical vulnerabilities, the considerations her company and Muddy Waters made in short selling St. Jude stock, and the current state of medical device security.

Threatpost News Wrap, January 13, 2017

The news of the week is discussed, including the ShadowBrokers’ farewell, GoDaddy’s buggy domain validation issue, MongoDB ransoms, and the latest with St. Jude Medical.

St. Jude Medical Patches Vulnerable Cardiac Devices

St. Jude Medical patched the Merlin@home Transmitter, addressing flaws made public last year in a controversial disclosure by MedSec Holdings and Muddy Waters.

Gang Up on the Problem, Not Each Other

The security community often thrives on controversy, but when it comes to vulnerability disclosures in life-saving medical devices, ego and attention-grabbing must be put aside.

Threatpost News Wrap, September 2, 2016

Mike Mimoso, Tom Spring, and Chris Brook discuss the news of the week, including the MedSec/Muddy Waters story, how the Angler EK was traced back to the Lurk Gang, Fairware hitting Linux servers, and the Bashlite IoT malware.