• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Advertise
  • Subscribe

MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

  • Latest News
  • Technologies
    • Artificial Intelligence (AI)
    • Cardiovascular
    • Orthopedics
    • Neurological
    • Diabetes
    • Surgical Robotics
  • Business & Finance
    • Wall Street Beat
    • Earnings Reports
    • Funding Roundup
    • Mergers & Acquisitions
    • Initial Public Offering (IPO)
    • Legal News
    • Personnel Moves
    • Medtech 100 Stock Index
  • Regulatory & Compliance
    • Food & Drug Administration (FDA)
    • Recalls
    • 510(k)
    • Pre-Market Approval (PMA)
    • MDSAP
    • Clinical Trials
  • Special Content
    • Special Reports
    • In-Depth Coverage
    • DeviceTalks
  • Podcasts
    • MassDevice Fast Five
    • DeviceTalks Weekly
    • OEM Talks
      • AbbottTalks
      • Boston ScientificTalks
      • DeviceTalks AI
      • IntuitiveTalks
      • MedtechWOMEN Talks
      • MedtronicTalks
      • Neuro Innovation Talks
      • Ortho Innovation Talks
      • Structural Heart Talks
      • StrykerTalks
  • Resources
    • About MassDevice
    • DeviceTalks
    • Newsletter Signup
    • Leadership in Medtech
    • Manufacturers & Suppliers Search
    • MedTech100 Index
    • Videos
    • Webinars
    • Whitepapers
    • Voices
Home » Feds flag BD’s Alaris pumps for cybersecurity issues

Feds flag BD’s Alaris pumps for cybersecurity issues

November 16, 2020 By Sean Whooley

Becton DickinsonBecton Dickinson (NYSE:BDX) last week issued a notice to warn on potential vulnerabilities with its Alaris infusion pumps.

The notification applies to BD’s Alaris PC unit, model 8015, versions 9.33.1 and earlier, as well as the Alaris systems manager, versions 4.33 and earlier, according to a news release.

BD was made aware of a network session vulnerability within the authentication process between specified versions of the Alaris PC unit and systems manager. The vulnerability could allow an unauthorized user to establish a direct networking session between the two products if exploited. The company has received no reports of exploits related to the vulnerability. Medigate reported the vulnerability to BD.

In order to exploit the vulnerability, the user would need access to the customer’s wireless network, redirect the PC unit’s authentication requests with a custom code and complete an authentication handshake, BD said. If successful, the user could deny service on the PC unit by modifying the configuration headers of data in transit, potentially causing a drop in the wireless capability of the unit.

Potential impacts include the inability to pre-populate the Alaris PC unit with infusion parameters and the inability to wirelessly send data to the PC unit. However, exploitation would not provide administration access to either affected products, meaning an unauthorized user would not be able to gain permissions or perform remote commands.

BD is addressing the vulnerability with an upcoming version of the PC unit software along with Alaris systems manager v12.0.1, v12.0.2, v12.1.0 and v12.1.1.

More than 60% of systems manager installations have already been updated to a version that addresses the vulnerability, according to BD, which recommends that customers enable the firewall on the systems manager, while the systems manager should be considered a critical service and be operated on a secured network.

BD has had to grapple not only with the effects of the COVID-19 pandemic but also with a hold on shipments of its Alaris infusion pumps as it prepares a comprehensive 510(k) submission for FDA that covers a host of software fixes needed after a Class I recall.  The company expects to submit the 510(k) in late Q2 or early Q3 (around spring 2021), CEO Thomas Polen said during a Nov. 5 earnings call.

Filed Under: Big Data, Drug Pumps, Drug-Device Combinations, Featured, Health Technology, Recalls, Regulatory/Compliance, Software / IT Tagged With: becton dickinson, Cybersecurity

More recent news

  • Neuralink files to raise $649M in new equity offering
  • BofA: Surgical robot remanufacturing not a major setback for Intuitive
  • InspireMD wins CE Mark approval for CGuard Prime
  • Philips reports first cases for VeriSight Pro 3D ICE catheter in Europe
  • Ceryx Medical raises $15M to support bioelectronic pacemaker

About Sean Whooley

Sean Whooley is an associate editor who mainly produces work for MassDevice, Medical Design & Outsourcing and Drug Delivery Business News. He received a bachelor's degree in multiplatform journalism from the University of Maryland, College Park. You can connect with him on LinkedIn or email him at [email protected].

Primary Sidebar

“md
EXPAND YOUR KNOWLEDGE AND STAY CONNECTED
Get the latest med device regulatory, business and technology news.

DeviceTalks Weekly

See More >

MEDTECH 100 Stock INDEX

Medtech 100 logo
Market Summary > Current Price
The MedTech 100 is a financial index calculated using the BIG100 companies covered in Medical Design and Outsourcing.
MDO ad

Footer

MASSDEVICE MEDICAL NETWORK

DeviceTalks
Drug Delivery Business News
Medical Design & Outsourcing
Medical Tubing + Extrusion
Drug Discovery & Development
Pharmaceutical Processing World
MedTech 100 Index
R&D World
Medical Design Sourcing

DeviceTalks Webinars, Podcasts, & Discussions

Attend our Monthly Webinars
Listen to our Weekly Podcasts
Join our DeviceTalks Tuesdays Discussion

MASSDEVICE

Subscribe to MassDevice E-Newsletter
Advertise with us
About
Contact us

Copyright © 2025 · WTWH Media LLC and its licensors. All rights reserved.
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media.

Privacy Policy