This week, researchers at Palo Alto’s Unit 42 team shared a report that reveals security issues and vulnerabilities typically occur in smart infusion pumps. These bedside gadgets systemize the distribution of drugs and fluids to patients and are interconnected to networks to permit them to be remotely controlled by hospitals.
The researchers employed crowdsourced scans from over 200,000 infusion pumps at hospitals and other medical providers and sought out vulnerabilities and security problems that can possibly be exploited. The devices were tested against about 40 known vulnerabilities and about 70 other IoT vulnerabilities.
Three-quarters of the 200,000 infusion pumps were found to have security issues that positioned them at substantial risk of being affected by hackers. Worryingly, 52% of the assessed devices were observed to be susceptible to two major infusion pump vulnerabilities dating back to 2019, one of which is a critical vulnerability given a CVSS severity score of 9.8 of 10 (Wind River VxWorks CVE-2019-12255), whereas the other is a high severity vulnerability having a CVSS score of 7.1 (Wind River VxWorks CVE-2019-12264).
Vulnerabilities in infusion pumps may be taken advantage of to cause injury to people. By acquiring access to the equipment, attackers can prevent the delivery of medicines and fluids or cause the gadgets to provide likely fatal amounts of medications. Vulnerabilities may additionally be exploited to acquire access to, alter, or remove sensitive patient records, and it is the latter sort of vulnerability that is most typical.
Though a number of these vulnerabilities and warnings may be unrealistic for attackers to exploit unless physically existing in a business, all stand for a probable risk to the general safety of healthcare companies and the protection of patients – in particular in cases wherein threat actors may be driven to add further resources into attacking a target. The uncovering of security problems in three out of four infusion pumps analyzed demonstrates the requirement for the healthcare sector to redouble efforts to secure against recognized vulnerabilities, while faithfully following recommendations for infusion pumps and hospital systems.
Great hospitals and clinics could make use of thousands of infusion pumps. Whenever vulnerabilities are uncovered, patching or implementing compensating controls immediately can be a serious concern. First, the impacted devices ought to be known, then they need to be patched, repaired, or substituted. When any vulnerable device is neglected, it will continue to be prone to attack and a patient’s life could be put at stake.
It is crucial to retain an exact inventory of infusion pumps (along with other IoMT devices) being used and to have the ability to immediately uncover, locate, and examine the usage of the devices. Security teams must carry out a holistic risk examination and proactively uncover vulnerabilities and discover compliance issues.
Risk reduction plans must be implemented. Real-time risk tracking, reporting, and notifying are essential for institutions to proactively minimize IoMT threats. Regular profiling of device activity and behavior brings information that may be properly changed into risk-based Zero-Trust policy regulations. Hospitals and clinics ought to take steps also to prevent known targeted IoT malware, spyware, and exploits, avoid the implementation of DNS for C2 communications, and halt access to bad URLs and also malicious websites to avert the loss of sensitive information.
