The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) revealed that security vulnerabilities found in six different devices manufactured by Baxter, BD, and Biotronik could allow hackers to alter system configurations, if compromised.
Four of the six flaws are found in Baxter medical devices: ExactaMix, PrismaFlex and PrimsaMax, Sigma Spectrum Infusion Pumps, and Hemodialysis Delivery System. The vulnerabilities were identified by the the manufacturer and reported to CISA. The flaws in the PrismaFlex and PrimsaMax devices pertain to the system’s method of cleartext transmission of sensitive data, along with hard-coded passwords and improper authentication. If a hacker successfully exploited the flaw with network access, they could view and change device data.
Vulnerabilities found in the infusion pumps also involve hard-coded passwords and cleartext data transmission, in addition to incorrect assignment of permissions to critical resources and operations after a release of expiration. A successful exploit of the infusion pump flaws could allow an attacker to access sensitive device data, change system configurations, and alter system availability.
Read the full article on Health IT Security.