Security vulnerabilities are found to be a nuisance for the healthcare industry. Many medical devices, such as ultrasounds, mammography machines, pacemakers, and other equipment can be easily controlled by hackers.

The latest batch of devices to be involved in the scheme are B.Braun's SpaceStation and Infusomat Space Large Volume Pump, the company's dock and infusion pump, respectively.

The flaws were discovered by cybersecurity firm McAfee.

Infusion Pumps Vulnerabilities Can Affect Doses of Medication 

Coronavirus Hospitalizations On The Rise In Texas After Thanksgiving
(Photo : Go Nakamura/Getty Images)
HOUSTON, TX - DECEMBER 07: IV pumps and electro-cardiogram machines are seen in a patient's room in the COVID-19 intensive care unit (ICU) at the United Memorial Medical Center on December 7, 2020 in Houston, Texas. Texas has exceeded more than 1.35 million cases of Covid-19, with more than 23,200 deaths.

According to Wired on Tuesday, Aug. 24, the infusion pumps from the German pharmaceutical firm were spotted to be vulnerable to security flaws. 

These IV pumps are responsible for bringing nutrients and medications to the patients. The healthcare expert uses it to inject small medication doses with ease.

However, the FDA issued a report about the dangers related to infusion jumps. From 2005 to 2009, the agency said that there was a crackdown with regards to these medical devices.

B.Braun Infusomat Space Large Volume Pump was affected by the implementation in 2010 as a result. Apparently, McAfee said that the security vulnerabilities can double the medication doses through the infusion pump

McAfee's head of Advanced Threat Research Group, Steve Povolny, announced that the problem behind this issue is the ability of the hackers to access the SpaceStation and the infusion pump.

According to the findings, the flaws involved doubling the medication doses. McAfee said that exploiting the medical device is not an easy task to do.

In an official statement by B. Braun for its customers, the attacker could have full control of the "compactplus communication" devices or Space. This would allow the hackers to steal confidential information and upload important files.

In addition to what the hackers can do, they could also demonstrate a remote code execution to alter the rate of infusions.

B.Braun Recommends Using the Latest Software For Medical Devices

The medical firm stated that to stay protected against the threats of hackers, it is recommended to use the most updated versions of the software. Furthermore, B.Braun also suggested that users should be aware of multifactor authentication, segmentation, and other security mitigation methods.

It appears that an increasing number of devices suffering from vulnerabilities have outdated versions. 

According to McAfee researchers, the hackers can gain access to the SpaceStation by installing a bug. There are four vulnerabilities involved in the exploitation of the infusion pump and dock.

What happened to B.Braun was not the first time that hackers exploited the IV pumps. In 2016, insulin pumps were found out to be vulnerable to cyberattacks

There was a possibility that hackers might exploit the device to overdose the diabetic patients using the insulin.

Read Also: 'Flubot' Malware Hits Australians Looking For Announcements For COVID Tests, Vaccination Appointments--Here Are Some Reminders About it

FDA Cautions Healthcare Sector About Medical Device Hacking

In 2016, FDA warned that hackers have already infiltrated medical devices, such as artificial pacemakers. As more medical facilities relied on the use of technology, the attackers took the opportunity to steal data from the sector. 

Besides the loss of records and information, the threat could be fatal to the patients since they depend on implantable devices that can be hacked.

The healthcare systems should also be knowledgeable about the vulnerabilities surrounding the Internet of Medical Things (IoMT) devicesTo prevent this from happening, the facilities should implement strong passwords, device patching, network segmentation, active monitoring, and even assigning an IT professional.

Related Article: FDA Warns Against Hacking Medical Devices Like Artificial Pacemakers: New Cybersecurity Guidelines Set

This article is owned by Tech Times

Written by Joseph Henry

ⓒ 2021 All rights reserved. Do not reproduce without permission.