Cybersecurity researchers recently tested a popular infusion pump and dock and found that the devices have vulnerabilities that could allow hackers to exploit their medication dosing functions, Wired reported Aug. 24.
Researchers from the McAfee Enterprise security firm discovered that a hacker could potentially manipulate the B. Braun Infusomat Space Large Volume Pump and B. Braun SpaceStation infusion pump and dock to administer a double dose of medication to victims.
While it is supposed to be impossible to send these infusion pump devices commands directly, McAfee researchers found ways to get around the barrier, according to the report. The researchers discovered that an attacker with access to a healthcare facility's network could take control of a SpaceStation by exploiting a common connectivity vulnerability. The hacker could then exploit four other flaws in sequence to send the medication-doubling command, according to the report.
"Successful exploitation of these vulnerabilities could allow a sophisticated attacker to compromise the security of the Space or compact plus communication devices," B. Braun wrote in a security alert to customers, "allowing an attacker to escalate privileges, view sensitive information, upload arbitrary files, and perform remote code execution," the publication reported.
B. Braun also said a hacker could alter the connected infusion pump's configuration, which can control the rate of infusions. It recommended that organizations using the devices run the latest versions of its software, released last October, to keep their devices secure, and that customers implement additional network security measures such as multifactor authentication.
In a statement to Wired, B. Braun said the vulnerabilities are "tied to a small number of devices utilizing older versions of B. Braun software" and that it has not found any evidence that the vulnerabilities have been exploited.