March 30, 2016

"Security researchers have discovered 1,418 vulnerabilities in CareFusion’s Pyxis SupplyStation system – automated cabinets used to dispense medical supplies – that are still being used in the healthcare and public health sectors in the US and around the world."

HelpNet Security: The vulnerabilities can be exploited remotely by attackers with low skills, and exploits that target these vulnerabilities are publicly available, ICS-CERT has warned in an advisory. by Zeljka Zorz

'The worst part of it is that the affected versions of the software are at end‑of-life, and won’t be receiving a patch even though they are widely used.

'It’s true that cyber attackers are mostly after healthcare data, as it usually contains the perfect bundle of individuals’ personal information, credit information, and protected health information. It’s also true that healthcare organizations need a healthy dose of investment in technologies in order to prevent successful attacks. It’s understandable that healthcare organizations are currently more concentrated on fending off ransomware, as that will impact their functioning at all levels.

'But with more and more researchers concentrating on finding vulnerabilities in medical devices and systems (systems found exposed online, sporting hard-coded passwords, etc.), it’s becoming obvious that cyber attacks can – and inevitably some day will – result in physical harm.'

No comments: