Security Flaws Put Patients' Lives At Risk

Security flaws recently discovered in a range of drug infusion pumps distributed worldwide have enabled perpetrators the ability to potentially alter drug doses administered to patients and gain access to hospitals’ drug library data. The infusion pumps made by Hospira, the world’s leading provider of injectable drugs and infusion technologies, have been reported by researchers to be vulnerable to unauthorized access to hospital networks, allowing intruders to remotely access the pumps via the Internet and control the dosage amounts that are given. Well-known security researcher, Billy Rios, discovered that the pumps used “drug libraries”, including dosage limits to ensure that each pump operates safely, that could be updated by an untrusted source without any verification. In the worst case scenario, the vulnerabilities could allow perpetrators to control drug doses and increase them to the maximum amount permitted. To help prevent unauthorized access to the pump’s critical functions, experts suggest the use of cryptographic algorithms to ensure that the data stored in hospital networks comes from a trusted source and was not altered by an imposter. According to Hospira, the pumps use a special serial connection inside of each device in order to access and update the firmware where the pump’s operating system and software are stored. Because the firmware uploads are sent across serial links that are not digitally signed, an intruder could rewrite the firmware in a pump without triggering any warning and alter dosage amounts, or even ignore dosage limits. To help keep your organization’s networks secure, Taino Consulting Group offers the services to keep your employees, intellectual property, and other assets protected. To learn more, contact info@tainocg.com. https://nakedsecurity.sophos.com/2015/06/10/security-hole-in-hospira-hospital-drug-pumps-could-let-through-fatal-doses/?utm_source=twitterfeed&utm_medium=twitter&utm_campaign=information_security