• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Advertise
  • Subscribe

Drug Delivery Business

  • Clinical Trials
  • Research & Development
  • Drug-Device Combinations
  • FDA
  • Pharmaceuticals
  • Policy

BD issues vulnerability warning for Alaris infusion monitoring software

February 16, 2023 By Sean Whooley

BD Alaris Infusion Central software
The Alaris Infusion Central software. [Image courtesy of BD]
BD (NYSE:BDX) today issued a voluntary notification regarding cybersecurity vulnerabilities with its Alaris Infusion Central software.

Alaris Infusion Central, a standalone software — separate from pumps — provides data from the Alaris pumps. It allows healthcare providers to monitor infusion data sent from Alaris Plus and Alaris neXus pumps on a computer. Alaris Infusion Central is not sold in the U.S. Despite similar product family names, the vulnerability does not impact users of the Alaris PCU 8015 or Alaris Systems Manager.

BD said in the notice that it communicates with customers about cybersecurity vulnerabilities. This enables providers to manage potential risks through awareness and guidance. The company voluntarily shared the vulnerability with FDA, CISA and ISAOs where it participates.

The notice relates to the BD Alaris Infusion Central software, versions 1.1 to 1.3.2. This software may contain a recoverable password after the installation. No patient health is stored in the database, though some site installations may choose to store personal data.

BD said the vulnerability received a 7.3 (High) score in the Common Vulnerability Scoring System (CVSS). A threat actor requires local access to the software’s server, which limits the attack surface. Any such attack would have high impact to confidentiality and integrity, though. It also may have partial impact to the availability of data. Obtaining access to the password could result in disclosure and tampering of resident personal data.

The company determined a low probability of harm. Alaris Infusion Central collects and displays medical device data. It has no access to control, configure or operate the connected infusion pump.

BD said it revised its installation procedure to prevent the vulnerability in future installations. It recommends that users change passwords periodically and ensure physical access controls. Only authorized administrators should have access to the Alaris Infusion Central server.

Another Alaris issue for BD

Today’s notice from BD is the latest setback for Alaris, which has had its fair share over the past few years.

In early 2020, the company initiated an FDA Class I recall for the infusion pumps. The recall centered around multiple system errors, software errors, and use-related errors.

BD cut its financial outlook for that year after it enacted a hold of new shipments of Alaris pumps. BD applied for a new FDA clearance for the pumps in April 2021. It began a remediation effort in July 2021.

Last August, a federal judge in New Jersey ruled that a lawsuit against BD over how it communicated company performance amid its Alaris problems may proceed.

The most recent update on Alaris came in one sentence from the company’s fourth-quarter earnings call earlier this month. EVP and CFO Chris DelOrefice said: “regarding Alaris, we continue to only model shipments related to medical necessity in line with fiscal 2022 demand.”

Filed Under: Business/Financial News, Drug-Device Combinations, Featured, Recalls, Regulatory/Compliance Tagged With: Alaris, BD

IN CASE YOU MISSED IT

  • Abbott could pave new roads in diabetes management with dual sensor on the horizon
  • Tandem Diabetes Care pairs t:slim X2 pump with Abbott FreeStyle Libre 3 Plus in U.S.
  • Ypsomed, CamDiab to integrate Abbott dual glucose-ketone sensor into automated insulin delivery system
  • PharmaSens, SiBionics collab on all-in-one insulin patch pump
  • Beta Bionics to pair iLet automated insulin delivery system with Abbott’s dual glucose-ketone sensor

About Sean Whooley

Sean Whooley is an associate editor who mainly produces work for MassDevice, Medical Design & Outsourcing and Drug Delivery Business News. He received a bachelor's degree in multiplatform journalism from the University of Maryland, College Park. You can connect with him on LinkedIn or email him at swhooley@wtwhmedia.com.

Primary Sidebar

“ddb
EXPAND YOUR KNOWLEDGE AND STAY CONNECTED
Get the latest news and trends happening now in drug delivery.

MEDTECH 100 INDEX

Medtech 100 logo
Market Summary > Current Price
The MedTech 100 is a financial index calculated using the BIG100 companies covered in Medical Design and Outsourcing.

Footer

Drug Delivery Business News Logo

MassDevice Medical NETWORK

MassDevice
DeviceTalks
Medical Tubing + Extrusion
Medical Design & Outsourcing
MedTech100 Index
Drug Discovery & Development
Pharmaceutical Processing World
Medical Design Sourcing
R&D World

DRUG DELIVERY BUSINESS NEWS

Subscribe to Drug Delivery’s E-Newsletter
Advertise with us
About
Contact us
Privacy
Listen to our Weekly Podcasts

Copyright © 2025 · WTWH Media LLC and its licensors. All rights reserved.
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media.

Privacy Policy | RSS