Vulnerabilities in Over 100k Medical Infusion Pumps
Palo Alto Networks’ Unit 42 has found that most smart medical infusion pumps are vulnerable to attack via known security flaws. Smart infusion pumps connect to networks to provide medication delivery to patients. The pumps use a combination of computer technology and drug libraries to administer the meds. In addition, the pumps limit the potential for dosing errors by reducing the possibility of human error. Unit 42 reviewed crowdsources data from scans of more than 200,000 infusion pumps connected to the networks of hospitals and other healthcare organizations. According to the researchers, security flaws were detected in 75% of the medical devices.
Included in the affected medical devices were roughly 40 known cybersecurity vulnerabilities and 70 different types of known security shortcomings. Perhaps the most shocking find was that 52% of all infusion pumps scanned were susceptible to the same two vulnerabilities disclosed in 2019, one of which boasting a “critical” severity score and the other “high.” Unit 42 advises that healthcare organizations ensure that they have maintained proper security. If hacked, the devices could be used for activities that would harm patients, such as altering medication dosage in an extreme case. Palo Alto states that devices that cannot be updated should be replaced.