Upcoming Webinars Archived Webinars Training Vitals Host A Webinar About Get Updates Contact

US Homeland Security Issues Warning About Cybersecurity Vulnerabilities With Supply Management System

XTALKS VITALS NEWS

Supply Management System

The Pyxis SupplyStation – designed to dispense medical supplies based on fingerprint identification of authorized personnal – was evaluated by independent researchers who found that the system could be accessed remotely.

Share this!

April 6, 2016 | by Sarah Massey, M.Sc.

The US Department of Homeland Security released an advisory regarding newly-discovered cybersecurity vulnerabilities in a Becton, Dickinson and Company (BD) supply management system. The Pyxis SupplyStation – designed to dispense medical supplies based on fingerprint identification of authorized personnal – was evaluated by independent researchers who found that the system could be accessed remotely.

According to the agency, they will not be developing a patch to fix the issue as the affected systems are nearing the end of their product lifespan. Two independent researchers – Billy Rios and Mike Ahmadi – identified the issue in collaboration with the BD-owned subsidiary, CareFusion.

The independent researchers identified the security vulnerabilities using a system purchased from a retailer specializing in selling decommissioned units. The weak points were identified using an automated software composition analysis tool.

CareFusion has presented a number of ways for institutions to minimize exploitation risk of the Pyxis SupplyStation systems. The company was acquired by BD in 2015 in a $12.2 billion agreement.



The researchers identified over 1,400 different vulnerabilities across seven third-party vendor software packages. In all, 86 files were affected by the cybersecurity risk, and CareSystem no longer provides support for these supply management systems.

CareFusion’s main recommendation for facilities who are using the affected systems, is to disconnect the Pyxis SupplyStation from the internet. If remote access is required, they recommend closely monitoring traffic to the device through a virtual private network.

“Exploitation of these vulnerabilities may allow a remote attacker to compromise the Pyxis SupplyStation system,” said the US Department of Homeland Security. “The SupplyStation system is designed to maintain critical functionality and provide access to supplies in 'fail-safe mode' in the event that the cabinet is rendered inoperable. Manual keys can be used to access the cabinet if it is rendered inoperable.”


Keywords: Cybersecurity, Medical Supply, Supply Management System


| NEXT ARTICLE | MORE NEWS | BLOGS | VIDEOS | POLLS & QUIZZES | WEBINARS |

Share this with your colleagues!

READ THESE NEXT
Bioengineered Skin Displays Characteristics Of Integumentary Organ System

April 5, 2016 - Japanese scientists have performed a skin transplant on mice using 3-D bioengineered tissue generated from pluripotent stem cells.


Contaminated Heparin May Still Be On The US Market

April 4, 2016 - While the alleged contamination is different from the earlier case, some members of congress are criticizing the US Food and Drug Administration (FDA) for failing to prevent the current issue.


Medtronic’s PillCam Receives FDA Clearance For High-Risk Patients

April 4, 2016 - Ireland-based Medtronic has gained additional US Food and Drug Administration (FDA) approval for their PillCam COLON 2 ingestible capsule.

 
THE XTALKS VITALS LIFE SCIENCE BLOG

CAR-T and Bispecifics: Powerful Immunotherapy With Profound Challenges

REGISTER FOR THESE WEBINARS

Copyright © 2016-2017 Honeycomb Worldwide Inc.