
The Health Sector Cybersecurity Coordination Center of the US Department of Health and Human Services has alerted healthcare organizations to serious security issues in two Baxter medical device products: the Baxter Welch Allyn Configuration Tool and the Baxter Welch Allyn Connex Spot Monitor (CSM).

This follows two ICS medical advisories for Baxter products from the Cybersecurity and Infrastructure Security Agency (CISA), which identified a “high” risk associated with the flaws. If someone exploits these flaws, they can gain access to sensitive information such as passwords or change important settings and software on devices. This tampering can compromise equipment and disrupt patient care.

The first vulnerability, CWE-522, involves insecure handling of passwords, making them easy targets for hackers. The second, CWE-1394, involves the use of pre-set encryption keys that can easily lead to system breaches if not changed.

Baxter advises that passwords used with the configuration tool should be changed immediately to prevent potential problems. Although no attacks have been reported yet, Baxter plans to release a fix for the issue by Q3 2024. CISA said the Welch Allyn Configuration Tool has been removed from public access.

The Baxter Welch Allyn CSM is a device used to measure and monitor patients’ vital signs, including blood pressure, temperature, and pulse rate in a clinical setting. The Configuration Tool is a software tool used to configure and manage Welch Allyn medical devices.

In September 2022, cybersecurity software developer Fast 7 discovered several potential vulnerabilities in Baxter’s Sigma Spectrum infusion pumps. Security flaws included a lack of encryption, potential network disruptions, and the ability to remotely break wireless battery modules, allowing hackers to gain access to sensitive patient data or change device settings.


Cybercrime involving hospitals and healthcare has been on the rise during the last decade. According to a report released by the US Federal Bureau of Investigation (FBI), there were 210 ransomware attacks on healthcare facilities in 2022, doubling the overall rate of cyber attacks in 2023 from 2021. According to a report on GlobalData’s Medical Intelligence Center, the global cybersecurity market is forecast to be worth $334bn by 2030, growing at a compound annual growth rate (CAGR) of 10% between 2022 and 2030.

According to GlobalData analyst Alexandra Murdoch, investing in cybersecurity measures is the best way for medical device companies to defend themselves against cyber threats.



