1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Thousands of medical pumps could be vulnerable to dangerous secur

    From TechnologyDaily@1337:1/100 to All on Thu Mar 3 17:00:04 2022
    Thousands of medical pumps could be vulnerable to dangerous security bugs

    Date:
    Thu, 03 Mar 2022 16:38:26 +0000

    Description:
    More than half of infusion pumps have the same, unpatched vulnerability, experts warn.

    FULL STORY ======================================================================

    Tens of thousands of smart medical infusion pumps are carrying known flaws
    and are vulnerable to data exfiltration and other attacks, experts have claimed.

    Cybersecurity researchers from Palo Alto Networks recently examined 200,000 internet-connected infusion pumps and found that three quarters (75%) are running with known security issues.

    Furthermore, between 30,000 and 100,000 devices are vulnerable to various critical security flaws, whose average severity hovers around 9.8 out of 10. TechRadar needs you!

    We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a 100 Amazon gift card (or equivalent in USD). Thank you for taking part.

    Click here to start the survey in a new window << Updating the inventory list

    The most prevalent of all vulnerabilities, the report adds, is
    CVE-2019-12255, a memory corruption bug in the VxWorks real-time operating system (RTOS). This one was found in more than half (52 percent) of all infusion pumps, or 104,000 endpoints .

    In total, 11 vulnerabilities were labeled as urgently needs addressing.

    The problem, however, doesnt seem to be with the device manufacturers. The fixes for most of these vulnerabilities have been available for quite some time now. The problem is in the operators who arent updating them or managing them in a timely fashion.

    The bugs carry a wide variety of dangers, the publication further states,
    from unauthorized cleartext data transmission, to hardcoded credentials and incorrect permissions.

    For some of the vulnerabilities, there are no patches yet, but mitigations
    are available. Read more

    Red Cross leads call to halt healthcare cyberattacks


    Healthcare is an attractive target for disruptive or destructive
    cyberattacks


    Red Cross hit by cyberattack from state-sponsored hackers

    Discussing the findings in a blog post, Palo Alto Networks urged all healthcare providers to be more proactive with their cybersecurity
    strategies, and make sure their devices are safe from malware and other threats. For starters, they should keep an updated inventory of all the endpoints found on their network.

    While some of the flaws found in the devices are not practical, they are a "risk to the general security of healthcare organizations and the safety of patients, Palo Alto concluded.

    Healthcare providers are often in threat actors crosshairs, as the
    sensitivity of the data they generate makes them a lucrative ransomware target. Here's our list of the best firewalls available today

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/thousands-of-medical-pumps-could-be-vulnerable- to-dangerous-security-bugs/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)