• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Drug Delivery Business

  • Clinical Trials
  • Research & Development
  • Drug-Device Combinations
  • FDA
  • Pharmaceuticals
  • Policy

US DHS warns of vulnerabilities in Smiths Medical Medfusion 4000 infusion pump

September 12, 2017 By Fink Densford

Smiths Medical

The US Dept. of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team has released a warning over issues with Smiths Medical’s Medfusion 4000 wireless syringe infusion pump after discovering 8 cybersecurity vulnerabilities in the device.

The notice is for versions 1.1, 1.5 and 1.6 Medfusion 4000 wireless syringe infusion pumps, according to the DHS notice.

Vulnerabilities include 3rd party components which could cause crashes or allow remote code to be used on the devices, and issues with the device’s wireless and wired network configuration and credentials.

The DHS said that the vulnerabilities can be exploited remotely, though there have been no reports of anyone trying to exploit them.

“Successful exploitation of these vulnerabilities may allow a remote attacker to gain unauthorized access and impact the intended operation of the pump. Despite the segmented design, it may be possible for an attacker to compromise the communications module and the therapeutic module of the pump,” the DHS warned. “Impact to individual organizations depends on many factors that are unique to each organizations. ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment and specific clinical usage.”

The agency said that Smiths Medical had released recommendations for protecting from the vulnerability, including assigning static IP addresses to the devices, monitoring network activity and engaging in micro segmentation and virtual local area networks as well as appropriate password hygiene and backups.

The company is planning to release a new product version to address the vulnerabilities next January.

“The possibility of this exploit taking place in a clinical setting is highly unlikely, as it requires a complex and an unlikely series of conditions. We have been engaged with the FDA Center for Devices and Radiological Health and the U.S. Department of Homeland Security’s Industrial Control System – Computer Emergency Response Team (ICS-CERT) to resolve this issue,” Smiths Medical wrote in a statement on the vulnerability.

Late last month, Smiths Medical said it won 510(k) clearance from the FDA for its CADD-Solis wireless ambulatory infusion pump.

Filed Under: Drug-Device Combinations, Featured, Regulatory/Compliance Tagged With: Smiths Medical

IN CASE YOU MISSED IT

  • Tandem Diabetes Care delivers 1 million insulin boluses using t:connect mobile app
  • Nuvo, Sheba Medical Center develop AI-powered gestational diabetes management platform
  • Verily’s Onduo, Sword Health collaborate on virtual diabetes care
  • Shareholder lawsuit over BD’s Alaris pumps recall moves forward
  • Embecta stock soars on first full-quarter results after BD spinoff

Primary Sidebar

MEDTECH 100 INDEX

Medtech 100 logo
Market Summary > Current Price
The MedTech 100 is a financial index calculated using the BIG100 companies covered in Medical Design and Outsourcing.
Need Drug Delivery Business News in a minute? We Deliver!
Drug Delivery Enewsletters get you caught up on all the mission critical news you need in med tech. Sign up today.

Signup for the newsletter

Footer

Drug Delivery Business News Logo

MassDevice Medical NETWORK

MassDevice
DeviceTalks
Medical Tubing & Extrusion
Medical Design & Outsourcing
MedTech100 Index
Drug Discovery & Development
Pharmaceutical Processing World
Medical Design Sourcing
R&D World

DRUG DELIVERY BUSINESS NEWS

Subscribe to Drug Delivery’s E-Newsletter
Advertise with us
About
Contact us
Privacy
Listen to our Weekly Podcasts
Add us on FacebookFollow us on TwitterConnect with us on LinkedIn

Copyright © 2022 · WTWH Media LLC and its licensors. All rights reserved.
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media.

Advertise | Privacy Policy | RSS