• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Advertise
  • Subscribe

Drug Delivery Business

  • Clinical Trials
  • Research & Development
  • Drug-Device Combinations
  • FDA
  • Pharmaceuticals
  • Policy

BD warns on cybersecurity risk with BodyGuard infusion pumps

December 1, 2022 By Sean Whooley

BD BodyGuard infusion pump
The BodyGuard infusion pump system. [Image from BD]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today issued an advisory regarding infusion pumps from BD (NYSE:BD).

CISA’s advisory concerns the BD BodyGuard infusion pumps. They may contain a vulnerability in the form of a missing protection mechanism for an alternate hardware interface.

No known public exploits specifically target this vulnerability, CISA said. Attackers may not exploit the vulnerability remotely. It also has a high attack complexity. BD reported this vulnerability to CISA.

Successful exploitation of the vulnerability could allow a hacker to change configuration settings. It could also allow them to disable the pump. CISA said these BodyGuard pumps may contain the vulnerability:

  • BD BodyGuard
  • CME BodyGuard 323 (2nd Edition)
  • CME BodyGuard 323 Color Vision (2nd Edition)
  • CME BodyGuard 323 Color Vision (3rd Edition)
  • CME BodyGuard Twins (2nd Edition)

CISA noted that affected pumps are deployed outside the U.S.

Affected pumps allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge could configure or disable the pump. The pump stores no electronic or non-electronic protected health information or personally identifiable information.

Mitigations suggested by BD and CISA

BD suggests that, to reduce risk, users ensure physical access controls remain in place. These ensure that only authorized users can access the affected product. Users should also ensure that they connect only BD-approved equipment to the RS-232 interface.

Additionally, users ought to ensure they don’t connect equipment to the RS-232 interface when affected pumps deliver infusions. BD said they should also protect connected computer systems with BodyComm software with standard security measures.

CISA added that users should minimize network exposure and ensure systems can’t be accessed from the Internet. They should also locate control system networks and remote devices behind firewalls and isolate them from business networks. Finally, when they require remote access, they should use secure methods, such as virtual private networks (VPNs).

Filed Under: Business/Financial News, Drug-Device Combinations, Featured, Regulatory/Compliance Tagged With: BD, Cybersecurity

IN CASE YOU MISSED IT

  • Insulet hires new chief HR officer from J&J
  • Breakthrough T1D, Mattel debut Barbie doll with type 1 diabetes
  • Medtronic Diabetes names CFO with consumer experience ahead of separation
  • Diabeloop launches insulin delivery algorithm in Germany
  • GlucoModicum has positive data for needle-free CGM

About Sean Whooley

Sean Whooley is an associate editor who mainly produces work for MassDevice, Medical Design & Outsourcing and Drug Delivery Business News. He received a bachelor's degree in multiplatform journalism from the University of Maryland, College Park. You can connect with him on LinkedIn or email him at swhooley@wtwhmedia.com.

Primary Sidebar

“ddb
EXPAND YOUR KNOWLEDGE AND STAY CONNECTED
Get the latest news and trends happening now in drug delivery.

MEDTECH 100 INDEX

Medtech 100 logo
Market Summary > Current Price
The MedTech 100 is a financial index calculated using the BIG100 companies covered in Medical Design and Outsourcing.

Footer

Drug Delivery Business News Logo

MassDevice Medical NETWORK

MassDevice
DeviceTalks
Medical Tubing + Extrusion
Medical Design & Outsourcing
MedTech100 Index
Drug Discovery & Development
Pharmaceutical Processing World
Medical Design Sourcing
R&D World

DRUG DELIVERY BUSINESS NEWS

Subscribe to Drug Delivery’s E-Newsletter
Advertise with us
About
Contact us
Privacy
Listen to our Weekly Podcasts

Copyright © 2025 · WTWH Media LLC and its licensors. All rights reserved.
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media.

Privacy Policy | RSS