Becton Dickinson found a vulnerability in its Pyxis drug dispensing cabinets that allows hackers to use expired credentials to gain access to patients' data and medication information, according to the HIPAA Journal.
The bug affects Pyxis ES versions 1.3.4 to 1.6.1 and Pyxis Enterprise Server with Windows versions 4.4 through 4.12.
Becton Dickinson said the vulnerability allowed a hacker or unauthorized party to use the credentials of a previous user to gain entry into the device, the HIPAA Journal reports. Hospitals that do not leverage the device's Active Directory domain are not affected.
After the vulnerability was reported to the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, the flaw was given a score of 7.6 out of 10. The score reflects that the bug is remotely exploitable with a low level of skill.
Becton Dickinson has released a patch for the vulnerability. The company said only a limited number of hospitals will be affected, reports the HIPAA Journal.