MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

Home » Feds flag BD’s Alaris pumps for cybersecurity issues

Feds flag BD’s Alaris pumps for cybersecurity issues

By

Becton DickinsonBecton Dickinson (NYSE:BDX) last week issued a notice to warn on potential vulnerabilities with its Alaris infusion pumps.

The notification applies to BD’s Alaris PC unit, model 8015, versions 9.33.1 and earlier, as well as the Alaris systems manager, versions 4.33 and earlier, according to a news release.

BD was made aware of a network session vulnerability within the authentication process between specified versions of the Alaris PC unit and systems manager. The vulnerability could allow an unauthorized user to establish a direct networking session between the two products if exploited. The company has received no reports of exploits related to the vulnerability. Medigate reported the vulnerability to BD.

In order to exploit the vulnerability, the user would need access to the customer’s wireless network, redirect the PC unit’s authentication requests with a custom code and complete an authentication handshake, BD said. If successful, the user could deny service on the PC unit by modifying the configuration headers of data in transit, potentially causing a drop in the wireless capability of the unit.

Potential impacts include the inability to pre-populate the Alaris PC unit with infusion parameters and the inability to wirelessly send data to the PC unit. However, exploitation would not provide administration access to either affected products, meaning an unauthorized user would not be able to gain permissions or perform remote commands.

BD is addressing the vulnerability with an upcoming version of the PC unit software along with Alaris systems manager v12.0.1, v12.0.2, v12.1.0 and v12.1.1.

More than 60% of systems manager installations have already been updated to a version that addresses the vulnerability, according to BD, which recommends that customers enable the firewall on the systems manager, while the systems manager should be considered a critical service and be operated on a secured network.

BD has had to grapple not only with the effects of the COVID-19 pandemic but also with a hold on shipments of its Alaris infusion pumps as it prepares a comprehensive 510(k) submission for FDA that covers a host of software fixes needed after a Class I recall.  The company expects to submit the 510(k) in late Q2 or early Q3 (around spring 2021), CEO Thomas Polen said during a Nov. 5 earnings call.

In case you missed it

RSS From Medical Design & Outsourcing

  • Instron launches Bluehill Central lab management software
    Instron announced today that it launched the Bluehill Central lab management solution for Bluehill Universal software. Norwood, Massachusetts-based Instron’s Bluehill Central platform allows lab managers to remotely manage all test systems running Bluehill Universal, regardless of the number of systems and regardless of their location around the world, according to a news release. The company… […]
  • Lenovo, LG to collaborate on radiology technology
    Lenovo and LG announced today that they are collaborating on new medical imaging solutions to aid the radiology community. According to a news release, the companies will work together to bundle LG’s high-performance medical monitors with the Lenovo original equipment manufacturer (OEM) solutions commercial third-party portfolio of offerings. Get the full story at our sister… […]
  • Baxter, 3M, Abbott near the top of Newsweek’s most responsible companies list
    Several medtech, healthcare and life sciences companies, including big names like Abbott (NYSE:ABT), 3M (NYSE:MMM) and Baxter (NYSE:BAX), are among the 500 “most responsible,” according to Newsweek. The outlet published its “America’s Most Responsible Companies 2022” list, marking the third installment of the compilation (in partnership with Statista), this time expanded to include 500 of the largest public corporations around. Companies were judged with… […]
  • HHS reports 63-fold increase in telehealth use during pandemic
    A new study from the U.S. Department of Health and Human Services found a 63-fold increase in Medicare telehealth use during the COVID-19 pandemic. The report analyzed Medicare fee-for-service data from 2019 and 2020 and highlighted that people in urban areas were more likely to seek and use telehealth services than rural residents. In addition,… […]
  • Carlyle makes a significant investment in Resonetics
    Carlyle-managed funds have acquired a significant interest in medical device contract manufacturer Resonetics. Today’s announcement did not include the investment size, but the deal values Nashua, New Hampshire–based Resonetics at roughly  $2.25 billion. Carlyle joins existing investor GTCR as a meaningful shareholder in the company. Resonetics focuses on producing highly technical components for medical device… […]
  • Interpreting Pump Performance Curves
    Reading pump performance curves is crucial to proper pump selection. This piece reviews the creation and use of diaphragm pump performance curves to determine flow at given vacuum or pressure conditions. Included is a lesser-known method to interpolate pump performance when flow restrictions exist on both the inlet and outlet sides of the pump. Download… […]
  • BD elaborates on diversity and equity goals
    BD (NYSE:BDX) earlier this week outlined its efforts this year related to global inclusion, diversity and equity. Franklin Lakes, New Jersey-based BD released its 2021 Global Inclusion, Diversity and Equity (ID&E) Report, highlighting the progress it’s made in human health as part of its environmental, social and governance (ESG) strategy, according to a news release.… […]
  • How to protect medical devices from hidden cybersecurity risks
    Your software supply chain could be a cybersecurity risk. Here’s what you can do. Vince Arneja, GrammaTech The healthcare industry has been fighting a war on two fronts during the COVID-19 pandemic against the virus and an outbreak of cyberattacks. The Department of Health and Human Services says the sector reported a 9,851% increase in… […]
  • Integer completes $220M Oscor acquisition
    Integer Holdings (NYSE: ITGR) announced today that it has completed its purchase of Oscor — a deal that expands the capabilities of what was already one of the world’s largest medtech contract manufacturers. Integer said the acquisition would cost $220 million when it first announced its plans in October. Oscor is the creator and marketer… […]
  • Respira Labs seeks FDA clearance for its wearable lung monitor
    Respira Labs recently announced that it has developed a wearable device that continuously assesses lung function without the need for traditional pulmonary function tests. Mountain View, California-based Respira Labs designed its Sylvee wearable initially to assess chronic obstructive pulmonary disease, COVID-19 and asthma patients. It is embedded with speakers and microphones that measure the change… […]
  • Owen Mumford starts work on new production center in U.K.
    Owen Mumford this week announced that it has started building its new production facility in Witney, Oxfordshire in the U.K. Owen Mumford’s new Witney facility will stand as a production site for the company’s recently launched, next-generation auto-injector Aidaptus. The company has decades of experience creating its own drug delivery, blood sampling and rapid diagnostic… […]