Vulnerabilities in syringe infusion pumps could harm patients

Vulnerabilities in wireless syringe infusion pumps could harm patients

More medical devices – this time, syringe infusion pumps – have been found to contain vulnerabilities that hackers could use to compromise the safe treatment of patients. 

Eight recently discovered vulnerabilities in several widely used syringe infusion pumps could enable hackers to change the dose of medication that a patient receives, according to an advisory notice from ICS-CERT (Industrial Control Systems Cyber Emergency Response Team), part of the US Department of Homeland Security.

The flaws were found in the software used on the Medfusion 4000 Wireless Syringe Infusion Pump from Smith Medical. More specifically, it is present in versions 1.1, 1.5 and 1.6 of the software.

These devices are used to deliver small doses of medication in acute care settings. The vulnerabilities, meanwhile, were discovered by independent security researcher Scott Gayou.

“Successful exploitation of these vulnerabilities may allow a remote attacker to gain unauthorized access and impact the intended operation of the pump. Despite the segmented design, it may be possible for an attacker to compromise the communications module and the therapeutic module of the pump,” says the advisory.

Read more: Security researchers uncover vulnerabilities in cardiac pacemakers

Updates on their way

It’s worth stressing that no known attacks have been carried out at this stage. According to the advisory, such an attack would require “an attacker with high skill”.

The flaws include the use of hard-coded credentials; passwords stored in the configuration file; improper access control; and improper certificate validation.

The advisory suggests that that healthcare facilities using these devices should conduct a risk assessment to determine whether they should disconnect the pumps from their network until a fix is available.

In a statement, the devices’ manufacturer Smiths Medical said that the possibility of this exploit taking place in a clinical setting is “highly unlikely”, as it requires a complex and an unlikely series of conditions. It is planning to release Version 1.6.1 for the Medfusion 4000 Wireless Syringe Infusion Pump in January 2018.

Read more: “Scary” number of healthcare IT execs put faith in inadequate IoT security

Patients at risk?

Gordon Morrison, director of government relations at security software company McAfee, told Internet of Business that despite the massive potential of the IoT in healthcare, a large number of medical devices are vulnerable to hacking – putting both hospital networks and patients themselves at risk.

“It is essential to ensure these devices are not introduced at the expense of the safety of the patient and their data,” said Morrison.

Achieving this will be a two-fold process, he added: “Ensuring that the devices are built securely by design and with the necessary security controls in place; [and putting in place] a security policy for connected devices in hospitals, to ensure that they can’t access sensitive data and are regularly patched against newly-discovered vulnerabilities.”

The post Vulnerabilities in syringe infusion pumps could harm patients appeared first on Internet of Business.

Internet of Business

Apple’s LTE-enabled Watch could be a wearable watershed moment

 Apple’s Series 3 smartwatch may look the same on the outside as the previous generation (albeit with a new ceramic gray options and contrasting red-tipped digital crown) but what they have inside might help kick the somewhat sleepy wearable category into high gear. To be clear, Apple isn’t the first to put cellular connectivity into a smartwatch – but it is the first to put… Read More
Mobile – TechCrunch

Dissolvable Electronic Devices Could Be the Future of Secure, Environmentally Friendly Tech

Research labs across the world are developing technology that could solve the difficulty of discarding electronics in an environmentally friendly way. Researchers from Stanford have created a wearable electronic film that dissolves in vinegar, which could also help keep sensitive information safer. There are also teams who designed tech straight out of a spy movie with self destructing batteries, some of which can even dissolve in water.

In the latest development, a team of researchers at the University of Houston have engineered a electronic device that can dissolve just by being exposed to water in the atmosphere. Even more, the period of time it takes for a device to dissolve can be controlled. The dissolving process could be modulated to occur in periods from days to even longer than weeks.

8 Everyday Items Reinvented by Technology
Click to View Full Infographic

What kind of products can be expect once this tech is able to be produced on a consumer scale?

Apart from the aforementioned ultra secure, temporary data storage or batteries, there are plenty of novel devices that we can watch out for. Imagine burner phones becoming the disappearing ink of the digital age. On the more altruistic side, we might see dissolvable medical devices that vanish after delivering medicine.

The post Dissolvable Electronic Devices Could Be the Future of Secure, Environmentally Friendly Tech appeared first on Futurism.

Futurism