MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

Home » B,. Braun, Baxter, CareStream, Green Hills affected by Ripple20 cyber vulnerabilities

B,. Braun, Baxter, CareStream, Green Hills affected by Ripple20 cyber vulnerabilities

By

The U.S.  Cybersecurity and Infrastructure Security Agency (CISA) said it is aware of vulnerabilities affecting Treck IP stack implications for embedded systems.

Known as Ripple20, the vulnerabilities allow a remote attacker to exploit and take control of an affected system, according to the CISA statement.

Among the affected companies were B. Braun, Baxter (NYSE:BAX), Green Hills Software and CareStream. CISA encouraged affected users and administrators to review the affected products for additional information and mitigations, as well as to update to the latest stable version of the Treck IP stack software.

B. Braun issued a statement saying that it is aware of the notification from CISA, sharing that the vulnerabilities exist in the third-party software used for network communication in its Outlook 400ES safety infusion pump system.

The company said it received 24 patches from Treck to resolve vulnerabilities, determining that 20 patches are not applicable to the Outlook 400 ES platform. It is not advising any customer action at this time.

Five versions of the Baxter Spectrum infusion system’s wireless battery modules are impacted by the reported vulnerabilities, according to a company statement. To date, the company has not received reports of impacted clinical use related to the vulnerabilities, while it also received a patch and is taking the necessary steps to mitigate any issues.

Additionally, Baxter said to isolate the Spectrum infusion systems to its own network in an effort to reduce the probability that a threat actor could execute an adjacent attack against the system. Additionally, the company recommended appropriate wireless network security protocols and, as a last resort, customers may disable the wireless operation of the pump.

Green Hills said in a statement that its GHnet v2 network stack is based on the network stack from Treck, although they are not identical. Green Hills added new features and fixed bugs, citing those advancements as a reason the vulnerabilities’ impact is less severe than it could have been.

Its Integrity real-time operating system will include fixes for vulnerabilities in future releases and Green Hills is also making patches available to customers on previous releases.

No additional information for the affected products at CareStream was provided, and the company is yet to release a written statement on the matter.

In case you missed it

RSS From Medical Design & Outsourcing

  • BD ethylene oxide plant in Georgia meets federal emissions standard
    New emissions controls at one of two Becton Dickinson (NYSE:BDX) medtech sterilization plants have passed muster with the Georgia Environmental Protection Division (EPD). The EPD required BD to reduce emissions of the carcinogenic gas ethylene oxide (EtO) from two sterilization plants located southeast of Atlanta in Covington and Madison, Ga. BD completed installation of $8 million worth… […]
  • COVID-19 molecular diagnostic test shipments surpass 150M in U.S.
    Total U.S. shipments of COVID-19 molecular diagnostic tests have reached more than 150 million, based on the latest data from the AdvaMed COVID-19 testing supply registry. Manufacturers shipped nearly 8.5 million tests per week in August, up from 3.7 million weekly in April, the medtech trade group noted. AdvaMed launched the registry July 21 to aid… […]
  • Quest lets consumers order COVID-19 tests online
    Quest Diagnostics (NYSE:DGX) today announced that consumers will be able to order one of its COVID-19 diagnostics online and collect the specimen at home, without visiting a doctor’s office. QuestDirect Active Infection is also available by drive-through at more than 500 Walmart Neighborhood Market locations. Results are interpreted by a physician and provided digitally through the… […]
  • Henkel, Keystone collaborate on 3D printing offerings for dental industry
    Henkel and Keystone Industries announced today that they are forging a partnership to bring more 3D printing offerings to the dental space. The collaboration means Henkel will add dental applications to its 3D printing portfolio. The companies noted that the dental space is one of the first markets that has moved past prototyping with 3D… […]
  • How Diversified Plastics and Carbon printers are enabling better medical supply transport
    Diversified Plastics (Brooklyn Park, Minn.) turned to Carbon printers and Digitial Light Synthesis technology to help startup Thaddeus Medical Systems create what it touts as more reliable active, smart cold-chain packaging. Thaddeus — a five-year-old company in the Mayo Clinic’s home city of Rochester, Minn. — found that conventional 3D-printing or manufacturing methods were unable… […]
  • R&Q acquires Maetrics to expand its life science regulatory consulting
    Regulatory and Quality Solutions (R&Q) has acquired Maetrics, an international life sciences quality and regulatory consulting outfit. Financial terms of the deal, announced Sept. 10, were not disclosed. “R&Q’s vision has always been to become the worldwide leader in providing full-service regulatory and quality solutions to the medical device and diagnostic industries,” R&Q president Maria… […]
  • Feds unveil COVID-19 vaccine distribution plan
    The Trump administration today released a plan to distribute an eventual COVID-19 vaccine free of charge, initially to targeted groups and more broadly as supply increases. The government is planning a phased distribution using a contract awarded to McKesson in August. The first recipients could include: Healthcare personnel likely to be exposed to or treat people… […]
  • September 2020 Issue: 2020 Medical Device Handbook
    Click through our roughly 40 Handbook articles here Feature: How the presidential election could affect medtech Feature: These researchers adapted a stroke patient device for COVID-19 Feature: How a top research lab pivoted to fight COVID-19 Learning and innovating — what medtech does best The medical device industry never stands still. There’s always so much… […]
  • Thermo Fisher sinks $140M into lab plastics production for COVID-19
    Thermo Fisher Scientific (NYSE:TMO) today announced it is investing more than $140 million to further expand its laboratory plastics disposables production to meet global demand for COVID-19 testing, as well as for development and manufacturing of therapies and vaccines. “Early in the pandemic, we quickly joined forces with governments, public health agencies and industry to increase… […]
  • FDA clears Capsule Technologies’ addition of Masimo tech to patient monitor
    Capsule Technologies has received FDA 510(k) clearance for its Vitals Plus patient monitor with the Masimo NomoLine ISA CO2 module, Capsule announced today. Capnography technology enables clinicians to continuously monitor patient end-tidal carbon dioxide (EtCO2), respiratory rate (RR) and fractional inspired CO2 (FiCO2) for ventilation adequacy and the onset of changes in patient cardiovascular and… […]
  • AdvaMed MedTech Conference goes virtual
    The annual AdvaMed MedTech Conference has kicked off its second virtual week with livestreamed sessions beginning at 12:30 p.m. Eastern time Wednesday. Originally scheduled to take place in Toronto, this year’s conference was moved online due to the COVID-19 pandemic. Future AdvaMed annual conferences will likely be a hybrid of in-person and virtual, group chair… […]

MASSDEVICE MEDICAL NETWORK

DeviceTalks
Drug Delivery Business News
Medical Design & Outsourcing
Medical Tubing + Extrusion

MASSDEVICE

Subscribe to MassDevice
Advertise with us
About
Contact us

Add us on Facebook Follow us on Twitter Connect with us on LinkedIn Follow us on YouTube