Becton Dickinson (BD) is alerting customers that its Totalys MultiProcessor laboratory automation instrument is susceptible to cyberattacks. According to BD, the device uses hard-coded credentials, so a cybercriminal with physical or network access could view protected health information.

“A successful attack would involve the threat actor having access to Windows authentication credentials (Remote Workstation) or breaking out of kiosk mode (Instrument) to gain access to the underlying Windows operating system. Any such attack would have high impact to the confidentiality and partial impact to the integrity and availability of the system, including potential access to sensitive information,” BD said in a statement on its website. An attacker could associate results with the wrong patient, thereby affecting their care, it added. 

Until BD rolls out version 1.71 of the software to fix the problem, it should be possible to prevent attacks by other means, the company said. If the instrument does not need to be connected to a network, keeping it off the network means an attacker would have to physically interact with the device to exploit the vulnerability. BD is also advising labs to limit access to authorized end users.

Read the full article on MedTechDive.