MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

Home » B,. Braun, Baxter, CareStream, Green Hills affected by Ripple20 cyber vulnerabilities

B,. Braun, Baxter, CareStream, Green Hills affected by Ripple20 cyber vulnerabilities

By Leave a Comment

The U.S.  Cybersecurity and Infrastructure Security Agency (CISA) said it is aware of vulnerabilities affecting Treck IP stack implications for embedded systems.

Known as Ripple20, the vulnerabilities allow a remote attacker to exploit and take control of an affected system, according to the CISA statement.

Among the affected companies were B. Braun, Baxter (NYSE:BAX), Green Hills Software and CareStream. CISA encouraged affected users and administrators to review the affected products for additional information and mitigations, as well as to update to the latest stable version of the Treck IP stack software.

B. Braun issued a statement saying that it is aware of the notification from CISA, sharing that the vulnerabilities exist in the third-party software used for network communication in its Outlook 400ES safety infusion pump system.

The company said it received 24 patches from Treck to resolve vulnerabilities, determining that 20 patches are not applicable to the Outlook 400 ES platform. It is not advising any customer action at this time.

Five versions of the Baxter Spectrum infusion system’s wireless battery modules are impacted by the reported vulnerabilities, according to a company statement. To date, the company has not received reports of impacted clinical use related to the vulnerabilities, while it also received a patch and is taking the necessary steps to mitigate any issues.

Additionally, Baxter said to isolate the Spectrum infusion systems to its own network in an effort to reduce the probability that a threat actor could execute an adjacent attack against the system. Additionally, the company recommended appropriate wireless network security protocols and, as a last resort, customers may disable the wireless operation of the pump.

Green Hills said in a statement that its GHnet v2 network stack is based on the network stack from Treck, although they are not identical. Green Hills added new features and fixed bugs, citing those advancements as a reason the vulnerabilities’ impact is less severe than it could have been.

Its Integrity real-time operating system will include fixes for vulnerabilities in future releases and Green Hills is also making patches available to customers on previous releases.

No additional information for the affected products at CareStream was provided, and the company is yet to release a written statement on the matter.

In case you missed it

RSS From Medical Design & Outsourcing

  • What’s next for nitinol tubing?
    Nitinol’s unique properties have made it the darling of the medical device industry. A novel technique for mechanically joining nitinol to other metal tubing could reduce cost and mitigate risk. Mark Broadley, Viant Nitinol has revolutionized the medical device industry. With its flexible superelasticity, shape memory and biocompatibility, nitinol has become a go-to material for… […]
  • Report: Haemonetics’ blood-collection devices could leave particles in donors
    A consortium of news outlets is questioning the safety of Haemonetics (NYSE:HAE) blood-collection devices, claiming that particles have been detected in donors whose plasma was extracted by the machines. According to a report in the Miami Herald, whistleblower documents indicate that more than 150 Haemonetics customer reports have been made regarding the presence of particles by plasma collection centers and heathcare… […]
  • Spinal Elements’ cervical fixation system wins FDA nod
    Spine surgery technology developer Spinal Elements announced today that it received FDA clearance for its Sapphire X product for anterior cervical fixation. Sapphire X is comprised of integrated instrumentation and high-angulation screws designed to help surgeons perform a procedure while preserving the patient’s skeletal and muscle tissue. The instrumentation is designed to reduce procedural steps… […]
  • How COVID-19 impacts FDA interactions with medical device manufacturers
    By Stewart Eisenhart, Emergo Group The US Food and Drug Administration may revise performance goals and timelines set under the Medical Device User Fee Amendments IV (MDUFA IV) as emergency efforts targeting the coronavirus pandemic take up more of the agency’s time. Get the full story here at the Emergo Group’s blog. The opinions expressed… […]
  • Switchback Medical adds ‘sandbox approach’ to device testing
    Contract manufacturer Switchback Medical (Maple Grove, Minn.) today announced that it has added a new division. Switchback BioSim Innovations offers functional dynamic biosimulator model development, cell culture services and physician training, according to the company. Biosimulator models use animal and human tissue to create functional models, such as a pumping heart with working valves to… […]
  • Smith College team wins ventilator design challenge
    A team of Smith College engineering alumnae, staff and faculty has won the CoVent-19 Challenge to design a rapidly deployable ventilator to address shortages caused by the COVID-19 pandemic, particularly in developing countries. A dozen anesthesiology resident physicians from Massachusetts General Hospital kicked off the public challenge April 1, attracting 200 entries. The 30-person team… […]
  • FDA gives certain device makers more time to add UDIs
    The FDA said today that it will grant manufacturers of Class 1 and unclassified medical devices and certain others more time to add unique device identifiers (UDIs) to their products. These companies will now have until Sept. 24, 2022 to comply with the agency’s UDI rule, including standard date formatting, labeling and Global Unique Device… […]
  • Eurofins launches 10-minute COVID-19 exposure testing device
    Eurofins (Paris:ERF.PA) announced today that it launched its rapid point-of-care testing devices to identify past exposure to COVID-19. The serology-based, finger-prick tests detect antibodies with a sensitivity of 94.5% from 19 days following the onset of symptoms, with results coming in just 10 minutes, according to a news release. Get the full story at our sister site,… […]
  • How is RF technology shaping the future of medtech?
    RF technology, including microwaves, isn’t just about wireless communications or military radar these days. Times Microwave Systems experts point out that it is increasingly important when it comes to medtech. Many medical electronics systems such as magnetic resonance imaging (MRI) systems for cancer detection rely on RF/microwave technology. Times Microwave Systems (Wallingford, Conn.) is hosting… […]
  • Medical device litigation and COVID-19: What you need to know
    The COVID-19 pandemic is creating a new set of medical device litigation challenges — but also a chance for an industry reset. One of Greenberg Traurig’s top medtech litigation lawyers shares her insights. Sara Thompson doesn’t take any guff when she tells people that she defends medical device and pharmaceutical companies from lawsuits. “I say,… […]
  • Mayo Clinic needed to engineer its way through COVID-19: Here’s what they did.
    The health system’s medical and engineering staffs had to devise their own solutions for lab gear, PPE and operating room air decontamination. As COVID-19 settles into several regions of the U.S., healthcare systems that once sat on the sidelines likely will find themselves in the same situation as their counterparts in the Northeast did earlier… […]

Leave a Reply

MASSDEVICE MEDICAL NETWORK

DeviceTalks
Drug Delivery Business News
Medical Design & Outsourcing
Medical Tubing + Extrusion

MASSDEVICE

Subscribe to MassDevice
Advertise with us
About
Contact us

Add us on Facebook Follow us on Twitter Connect with us on LinkedIn Follow us on YouTube