A technology used by more than 3,000 hospitals across the globe for delivering medications, blood and other lab samples is at a significant risk of being hacked, CyberScoop reported Aug. 3.
Researchers from Armis, a Palo Alto, Calif.-based security vendor, discovered nine critical vulnerabilities that allow for a complete hijacking of the Translogic Nexus Control Panel, which powers the Translogic pneumatic tube systems from Swisslog Healthcare.
More than 80 percent of hospitals in North America — and more than 3,000 hospitals across the world — use the tube system, according to the Aug. 2 Armis report. The researchers said that the vulnerability could be used to fuel ransomware attacks against the delivery system, which could affect hospital functions. Hackers also could infiltrate the system to leak sensitive medical data.
Five of the vulnerabilities, which researchers named "PwnedPiper," can be used to access a hospital's network and take over a Nexus control panel station without proper verification. There is no evidence that attackers have exploited the software issue yet, according to the report.
Armis informed Swisslog of the vulnerabilities May 1 and has been working with the company to fix the issue. Swisslog said seven of the identified vulnerabilities have been removed in a recent software update and that it has adjustments to resolve one of the remaining vulnerabilities.