Drug Delivery Business

DHS warns on BD’s Alaris pump

By Leave a Comment

Becton DickinsonThe U.S. Dept. of Homeland Security issued an advisory this week, warning consumers that BD’s (NYSE: BDX) Alaris syringe pumps can be hacked via a vulnerability that gives a remote attacker unauthorized access to the device when it is connected to a terminal server.

BD determined that the affected products are not sold within the U.S., a spokesman told Drug Delivery Business News, noting that the issue only affects older models used outside the U.S.

“BD no longer sells any of these pumps, and any syringe pump we currently sell is not affected by this vulnerability. In addition, this vulnerability only exists when pumps are connected to a terminal server, which is not recommended by BD,” the spokesman told us.

The devices – Alaris GS, Alaris GH, Alaris CC and Alaris TIVA – include software that does not “perform authentication for functionality that requires a provable user identity,” the DHS wrote. The vulnerability was discovered by Elad Luz of CyberMDX and BD reported the problem to DHS’ Industrial Control Systems Cyber Emergency Response Team.

The vulnerability cannot be exploited if the device is connected to an Alaris Gateway Workstation, BD said, and a hacker cannot remotely turn on a device. To reduce the risk associated with this vulnerability, BD recommended that users operate the pumps in a segmented network environment or as a stand-alone device.

The company also noted that users should use connections via the Alaris Gateway Workstation, which would turn off the remote control feature.

The NCCIC recommended that users use secure methods, like a virtual private network (VPN), if they need to use the remote access feature of the pump. But, the group cautioned that “VPN is only as secure as the connected devices.”

Want to stay on top of DDBN content? Sign up for our e-mail newsletter for a weekly dose of drug-device news.

Theranos whistleblower Tyler Shultz to participate in keynote interview at DeviceTalks Boston

textadimage At DeviceTalks Boston, Tyler Shultz will give attendees an inside look at Theranos and how he was able to sound the alarm after he realized the company was falling apart. Shultz will take attendees behind the story that everyone is talking about: the rise and fall of Elizabeth Holmes and her diagnostic company, Theranos.

Join Shultz and 1,000+ medical device professionals at the 8th annual DeviceTalks Boston.

REGISTER NOW

IN CASE YOU MISSED IT

Leave a Reply

Your email address will not be published. Required fields are marked *

MassDevice Medical NETWORK

MassDevice
DeviceTalks
Medical Design & Outsourcing

DRUG DELIVERY BUSINESS NEWS

Subscribe to Drug Delivery News
Advertise with us
About
Contact us
Privacy
Add us on FacebookDrug Delivery Business News
Follow us on Twitter@DrugDeliveryNow
Connect with us on LinkedInLinkedIn