Baxter Infusion Pump & Other Medical Device Security News
The Lyon Firm is reviewing widespread medical device cybersecurity, medical technology defects and Baxter Infusion Pump vulnerabilities.
According to new reports, certain Baxter medication infusion pump models could compromise a hospital’s biomedical network.
The alleged security flaws are risks to the entire healthcare industry , and underscore the security risks posed by connected medical devices.
Baxter Infusion Pump Security Flaws
The identified vulnerabilities in the Baxter Sigma Spectrum Infusion Pump and Sigma Wi-Fi Battery Modules present opportunities for a hacker to enter a hospital’s biomed network. Network credentials stored on an affected infusion pump Wi-Fi card and network-connected batteries could potentially be exploited.
As a result, hackers could make out with the proper credentials to gain access to the healthcare system’s Wi-Fi network. The Baxter product in question fails to encrypt sensitive data, and is missing authentication for critical function.
Baxter has said it is now offering software updates and different batteries to address the security issues.
Medical Device Data Theft & Medical Technology Security
The FBI has recently identified a rising number of vulnerabilities posed by unsecured medical devices that run on old software and devices that lack basic security features.
Thus, threat actors have an open invitation to exploit these medical device vulnerabilities, and target healthcare facilities’ data. The vulnerabilities originate with the device hardware design and software management.
Medical device hardware can remain active for 10-30 years, but is generally only safe if the software is frequently updated. Even software a few months old can present security issues. The FBI report stated the following concerns:
- Devices are used with a manufacturer’s default configuration and can be exploitable
- Devices with customized software require special upgrading, and such maintenance can easily be delayed
- Devices may not be designed with any security whatsoever in mind
In 2022, a research report conducted by a cybersecurity firm found 53% of connected medical devices and other internet of things (IoT) devices in hospitals had known critical vulnerabilities. Approximately one third of healthcare IoT devices have an identified critical risk potentially implicating technical operation and functions of medical devices.
According to a report in mid-2022 conducted by a healthcare cybersecurity analyst, medical devices that are susceptible to cyber attacks include insulin pumps, intracardiac defibrillators, mobile cardiac telemetry, pacemakers, and intrathecal pain pumps.