MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

Home » Feds flag BD’s Alaris pumps for cybersecurity issues

Feds flag BD’s Alaris pumps for cybersecurity issues

By

Becton DickinsonBecton Dickinson (NYSE:BDX) last week issued a notice to warn on potential vulnerabilities with its Alaris infusion pumps.

The notification applies to BD’s Alaris PC unit, model 8015, versions 9.33.1 and earlier, as well as the Alaris systems manager, versions 4.33 and earlier, according to a news release.

BD was made aware of a network session vulnerability within the authentication process between specified versions of the Alaris PC unit and systems manager. The vulnerability could allow an unauthorized user to establish a direct networking session between the two products if exploited. The company has received no reports of exploits related to the vulnerability. Medigate reported the vulnerability to BD.

In order to exploit the vulnerability, the user would need access to the customer’s wireless network, redirect the PC unit’s authentication requests with a custom code and complete an authentication handshake, BD said. If successful, the user could deny service on the PC unit by modifying the configuration headers of data in transit, potentially causing a drop in the wireless capability of the unit.

Potential impacts include the inability to pre-populate the Alaris PC unit with infusion parameters and the inability to wirelessly send data to the PC unit. However, exploitation would not provide administration access to either affected products, meaning an unauthorized user would not be able to gain permissions or perform remote commands.

BD is addressing the vulnerability with an upcoming version of the PC unit software along with Alaris systems manager v12.0.1, v12.0.2, v12.1.0 and v12.1.1.

More than 60% of systems manager installations have already been updated to a version that addresses the vulnerability, according to BD, which recommends that customers enable the firewall on the systems manager, while the systems manager should be considered a critical service and be operated on a secured network.

BD has had to grapple not only with the effects of the COVID-19 pandemic but also with a hold on shipments of its Alaris infusion pumps as it prepares a comprehensive 510(k) submission for FDA that covers a host of software fixes needed after a Class I recall.  The company expects to submit the 510(k) in late Q2 or early Q3 (around spring 2021), CEO Thomas Polen said during a Nov. 5 earnings call.

In case you missed it

RSS From Medical Design & Outsourcing

  • 5 medtech companies win coveted Tekne awards
    Five medtech companies recently won some of the top technology awards in the state of Minnesota, known as one of three major medical device hubs in the U.S. The companies competed for the Minnesota Technology Association annual Tekne Awards, which included categories ranging from artificial intelligence and machine learning to “technology for good.” “The Tekne… […]
  • Spectrum Plastics acquires PeelMaster Medical
    Spectrum Plastics Group announced that it has closed on the acquisition of PeelMaster Medical Packaging. Based in Niles, Ill., PeelMaster is a full-service converter of sterile flexible packaging to the medical device market. Founded in 1989, PeelMaster produces pouches, header bags and die-cut lids for medical applications. PeelMaster has been an authorized converter of DuPont… […]
  • The best places to work for medtech sales reps
    Teleflex (NYSE:TFX), ConMed (NSDQ:CNMD) and orthopedic fixation company Acumed top the list of best places to work in medtech sales in the coming year, according to a MedReps.com survey of medical sales representatives. The 10th annual MedReps survey polled more than 2,000 medical sales professionals in October 2020 to get a better understanding of what employees look for… […]
  • Researchers tout probes for validating rapid COVID-19 tests
    Nanoengineers at the University of California San Diego have developed probes that they say could make validating rapid, point-of-care COVID-19 tests easier. The probes, called “positive controls,” are made from virus-like particles and are stable and easy to manufacture, according to a news release. The researchers at UCSD believe the positive controls can improve the… […]
  • How ResMed is advancing sleep and respiratory care
    The COVID-19 pandemic’s propulsion of widespread telehealth adoption has ResMed (NYSE:RMD) eyeing remote technologies for the next phase of its sleep and respiratory businesses. The president of that business for the San Diego-based company, Jim Hollingshead, told Medical Design & Outsourcing in a recent interview that the future lies with remote care and digital health offerings. “Right… […]
  • Stricter Documentation Requirements Pose New Challenges for Medical Device Manufacturers
    By Maurizio Lauria, Brand Manager, STEUTE Meditech Inc. New European guidelines and standards have greatly increased the testing and documentation required in order to introduce a new medical device, making the process even more complex and time-consuming for medical device manufacturers. Additionally, these standards apply not only to the device itself but the user interface,… […]
  • Tips to help bring your medical device from mind to market
    By Bret Ludwig, Ph.D. Senior Product Development Specialist, 3M Medical Materials & Technologies Great medical devices start with an idea—a spark. And from there, it might move to the back of a napkin or a notepad. But as development continues, the process can get trickier and more complex. In fact, turning an idea into a… […]
  • FDA allows dry heat treatment for single-user mask reuse
    The FDA has announced that it will allow the use of dry heat to lower the bioburden on masks used by healthcare workers treating COVID-19 patients. While not authorizing equipment made by a particular company, guidance released last week said healthcare providers may use dry heat to reprocess NIOSH-approved filtering facepiece respirators, such as N95s,… […]
  • Mass General researchers tout low-cost, portable brain imaging scanner
    Researchers at Massachusetts General Hospital are touting a low-cost, portable “head only” MRI scanner that could be used in multiple settings. As opposed to standard costly, immobile MRI scanners that require special infrastructure, the MGH researchers developed a low-cost, compact, portable and low-power scanner that could be mounted in an ambulance, wheeled into a patient’s… […]
  • HHS confirms involvement in presidential transition process
    U.S. Health and Human Services Dept. Secretary Alex Azar confirmed that HHS is working with president-elect Joe Biden on a presidential transition. Speaking during a press briefing, Azar said HHS is in contact with the transition team after the General Services Administration formally recognized Biden as the president-elect, having previously sidestepped questions regarding the potential… […]
  • Swiss scientists make ‘micromachines’ for self-deploying stents and more
    Researchers in Zurich reported today that they have invented a manufacturing technique to build “micromachines” out of metal and plastic in which these two materials are interlocked as closely as links in a chain. These robots are so tiny that they can maneuver through blood vessels and deliver medications to certain points in the body… […]