Security flaws have been detected in medical devices ranging from pacemakers to insulin pumps to mammography machines to monitors. Using flaws in the infusion pump hackers are found to increase the dose of medication. The B. Braun Infusomat Space Large Volume Pump and B. Braun SpaceStation, a popular infusion pump, and dock are the latest additions to that ignoble list.
When used with an intravenous fluid bag, infusion pumps automate the delivery of drugs and nutrients into patients’ bodies. As a result, the stakes are enormous when problems do occur. When it came to infusion pumps between 2005 and 2009, for example, the FDA received around 56,000 reports of “adverse events,” which included “many injuries” and “deaths.” As result, Therefore, products such as the B. Braun Infusomat Space Large Volume Pump rely on software that is tightly restricted; there should be no way of directly controlling the gadgets. It took some time, but the security firm McAfee Enterprise’s experts eventually found a way.
In the end, Steve Povolny, leader of McAfee’s Advanced Threat Research group, uncovered the worst-case scenario. SpaceStation and the pump operating system are separate systems that should not be accessible to an attacker. As a result, we were able to double the flow.
By exploiting a common networking weakness, an attacker with access to a hospital’s network might take control of a SpaceStation. To transmit the medication-doubling command, they had to exploit four additional weaknesses in sequence. As a result, the whole attack isn’t easy to execute in practice and requires that initial footing in a medical facility.
The business stated in the statement that the best approach to keep devices secure is to use the newest versions of its software issued in October. Other network security mitigations, such as segmentation and multifactor authentication, are also recommended.
WIRED was informed by B. Braun that the vulnerabilities are “related to a small number of devices employing older versions of B. Braun software” and that the business has not seen any evidence that the vulnerabilities had been exploited yet.
According to the business, “we strongly disagree with McAfee’s description in its post that this is a “realistic situation” where patient safety is in danger.”
Although the majority of the issues haven’t been corrected in existing products, McAfee researchers point out that most of them. As a result, B. Braun’s SpaceStations have been updated to include a new version without the susceptible networking.