• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Drug Delivery Business

  • Clinical Trials
  • Research & Development
  • Drug-Device Combinations
  • FDA
  • Pharmaceuticals
  • Policy

DHS warns on BD’s Alaris pump

August 24, 2018 By Sarah Faulkner

Becton DickinsonThe U.S. Dept. of Homeland Security issued an advisory this week, warning consumers that BD’s (NYSE: BDX) Alaris syringe pumps can be hacked via a vulnerability that gives a remote attacker unauthorized access to the device when it is connected to a terminal server.

BD determined that the affected products are not sold within the U.S., a spokesman told Drug Delivery Business News, noting that the issue only affects older models used outside the U.S.

“BD no longer sells any of these pumps, and any syringe pump we currently sell is not affected by this vulnerability. In addition, this vulnerability only exists when pumps are connected to a terminal server, which is not recommended by BD,” the spokesman told us.

The devices – Alaris GS, Alaris GH, Alaris CC and Alaris TIVA – include software that does not “perform authentication for functionality that requires a provable user identity,” the DHS wrote. The vulnerability was discovered by Elad Luz of CyberMDX and BD reported the problem to DHS’ Industrial Control Systems Cyber Emergency Response Team.

The vulnerability cannot be exploited if the device is connected to an Alaris Gateway Workstation, BD said, and a hacker cannot remotely turn on a device. To reduce the risk associated with this vulnerability, BD recommended that users operate the pumps in a segmented network environment or as a stand-alone device.

The company also noted that users should use connections via the Alaris Gateway Workstation, which would turn off the remote control feature.

The NCCIC recommended that users use secure methods, like a virtual private network (VPN), if they need to use the remote access feature of the pump. But, the group cautioned that “VPN is only as secure as the connected devices.”

Want to stay on top of DDBN content? Sign up for our e-mail newsletter for a weekly dose of drug-device news.

Filed Under: Drug-Device Combinations, Featured, Pharmaceuticals, Wall Street Beat Tagged With: Becton Dickinson

IN CASE YOU MISSED IT

  • MedAlliance wins second FDA IDE nod for drug-coated balloon
  • Wells Fargo downgrades Tandem amid rise of automated insulin delivery competition
  • FDA approves first targeted infusion therapy for HER2-low breast cancer
  • Abbott, WeightWatchers partner on diabetes care
  • Insulet up on Q2 sales beat, raised full-year guidance

Primary Sidebar

MEDTECH 100 INDEX

Medtech 100 logo
Market Summary > Current Price
The MedTech 100 is a financial index calculated using the BIG100 companies covered in Medical Design and Outsourcing.
Need Drug Delivery Business News in a minute? We Deliver!
Drug Delivery Enewsletters get you caught up on all the mission critical news you need in med tech. Sign up today.

Signup for the newsletter

Footer

Drug Delivery Business News Logo

MassDevice Medical NETWORK

MassDevice
DeviceTalks
Medical Tubing & Extrusion
Medical Design & Outsourcing
MedTech100 Index
Drug Discovery & Development
Pharmaceutical Processing World
Medical Design Sourcing
R&D World

DRUG DELIVERY BUSINESS NEWS

Subscribe to Drug Delivery’s E-Newsletter
Advertise with us
About
Contact us
Privacy
Listen to our Weekly Podcasts
Add us on FacebookFollow us on TwitterConnect with us on LinkedIn

Copyright © 2022 · WTWH Media LLC and its licensors. All rights reserved.
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media.

Advertise | Privacy Policy | RSS