• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Advertise
  • Subscribe

Drug Delivery Business

  • Clinical Trials
  • Research & Development
  • Drug-Device Combinations
  • FDA
  • Pharmaceuticals
  • Policy

Many infusion pumps are vulnerable to hackers, study says

March 3, 2022 By Sean Whooley

Hacker altumcode
[Image from AltumCode on Unsplash]

Palo Alto Network’s Unit 42 released results from a study showing that 75% of infusion pumps observed had known cybersecurity gaps.

The results involved crowdsourced data from scans of more than 200,000 infusion pumps on the network of health providers using IoT Security for Healthcare from Palo Alto Networks.

Vulnerabilities observed in the study included exposure to one or more of some 40 known cybersecurity vulnerabilities and/or alerts that they had one or more of some 70 other types of known security shortcomings for IoT (internet of things) devices.

More than half (52%) of all infusion pumps scanned were susceptible to two known vulnerabilities disclosed in 2019. One had a “critical” severity score, and the other had a “high” severity score.

Among the infusion systems listed in the study was the BD Alaris system. It’s seen several recalls over the years, with BD beginning remediation for software issues last year. The company originally disclosed vulnerabilities for Alaris in 2017, 2019 and 2020.

Today, BD confirmed that it posted security bulletins about the use of hardcoded credentials in specific BD Pyxis medication management systems, BD Rowa pouch packaging systems and the BD Viper LT tabletop analyzer for molecular diagnostic testing.

BD said that hardcoded credentials aren’t used directly by customers or end-users to access the affected systems. For the vulnerability to be exploited, an unauthorized user would need to gain access to the hardcoded credentials, infiltrate the facility’s network and/or gain access to individual devices and bypass additional security controls.

The company has received no reports of exploitation of the vulnerability in a clinical setting but, for maximum awareness, had voluntarily reported it to the FDA and Information Sharing and Analysis Organizations (ISAOs) where BD participates. Reports, for example, went to the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and the Health Information Sharing and Analysis Center (H-ISAC).

Filed Under: Auto-injectors, Business/Financial News, Drug-Device Combinations, Featured Tagged With: BD, Cybersecurity, infusion pump, infusion systems

IN CASE YOU MISSED IT

  • Medtronic enrolls first patient in study for Onyx liquid embolic system
  • BD issues voluntary recall on certain Alaris infusion pump modules
  • Sequel Med Tech expects full twiist launch in the fall
  • Insulet hires new chief HR officer from J&J
  • Breakthrough T1D, Mattel debut Barbie doll with type 1 diabetes

About Sean Whooley

Sean Whooley is an associate editor who mainly produces work for MassDevice, Medical Design & Outsourcing and Drug Delivery Business News. He received a bachelor's degree in multiplatform journalism from the University of Maryland, College Park. You can connect with him on LinkedIn or email him at swhooley@wtwhmedia.com.

Primary Sidebar

“ddb
EXPAND YOUR KNOWLEDGE AND STAY CONNECTED
Get the latest news and trends happening now in drug delivery.

MEDTECH 100 INDEX

Medtech 100 logo
Market Summary > Current Price
The MedTech 100 is a financial index calculated using the BIG100 companies covered in Medical Design and Outsourcing.

Footer

Drug Delivery Business News Logo

MassDevice Medical NETWORK

MassDevice
DeviceTalks
Medical Tubing + Extrusion
Medical Design & Outsourcing
MedTech100 Index
Drug Discovery & Development
Pharmaceutical Processing World
Medical Design Sourcing
R&D World

DRUG DELIVERY BUSINESS NEWS

Subscribe to Drug Delivery’s E-Newsletter
Advertise with us
About
Contact us
Privacy
Listen to our Weekly Podcasts

Copyright © 2025 · WTWH Media LLC and its licensors. All rights reserved.
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media.

Privacy Policy | RSS