BD issues vulnerability warning for Alaris infusion monitoring software

BD’s Alaris infusion pump and vital signs monitoring system is designed to deliver controlled amounts of fluid, medication, blood and blood products. [Photo courtesy of BD]

BD (NYSE:BDX) today issued a voluntary notification regarding cybersecurity vulnerabilities with its Alaris Infusion Central software.

Alaris Infusion Central, a standalone software — separate from pumps — provides data from the Alaris pumps. It allows healthcare providers to monitor infusion data sent from Alaris Plus and Alaris neXus pumps on a computer. Alaris Infusion Central is not sold in the U.S. Despite similar product family names, the vulnerability does not impact users of the Alaris PCU 8015 or Alaris Systems Manager.

Get the full story at our sister site, Drug Delivery Business News.


Glooko picks up security certification for diabetes patient management platform

Glooko announced today that it received ISO 27001 certification for its data management and remote patient monitoring platforms.

Palo Alto, California-based Glooko develops remote patient monitoring and chronic care management products. These include data management technologies for insulin delivery devices.

ISO 27001, an international compliance framework, serves as the international security standard for protecting customer information.

Get the full story at our sister site, Drug Delivery Business News.


How BD is getting more proactive about medtech cybersecurity

Medtech giant BD today detailed how it has taken proactive steps to ensure medtech cybersecurity in an increasingly critical environment.

“Medical device cybersecurity has become more critical than ever as the number of smart, connected devices grows and healthcare expands into more care settings, including patient homes,” said Rob Suárez, the company’s chief information security officer. The quote was in the BD 2022 Cybersecurity Annual Report published today.

“Ensuring patient privacy in these care settings is critical. At the same time, cybercriminals continue to attack healthcare entities with attempts to extort money, steal intellectual property and cause disruption,” Suárez said.

Ransomware attacks were down by 23% overall during the first half of 2022, but they more than quadrupled in healthcare, according to BD, which cited a SonicWall report. Phishing — which a HIMSS report from …


CISA warns on cybersecurity risk with BD BodyGuard infusion pumps

The BodyGuard infusion pump system. [Image from BD]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today issued an advisory regarding infusion pumps from BD (NYSE:BDX).

CISA’s advisory concerns the BD BodyGuard infusion pumps. They may contain a vulnerability in the form of a missing protection mechanism for an alternate hardware interface.

Get the full story at our sister site, Drug Delivery Business News.


BD secures ISO certification for its information security management system

BD announced today that it has secured ISO certification for its enterprise-level Information Security Management System.

The Franklin Lakes, New Jersey–based company said the ISMS meets a rigorous set of independently audited international standards. BD says the ISO/IEC 27001:2022 certification demonstrates its commitment to protecting the company, customers and patients from cybersecurity threats.

The International Standards Organization (ISO) and the International Electrotechnical Commission (IEC) established the global ISO/IEC 27001:2022 standard. Certification means an organization is establishing, maintaining and continually improving on its information security systems.

“Cybersecurity continues to be a top priority for Merck and all of health care,” said Michael Harrison, associate director of supplier risk management for Merck.

Harrison added in the BD news release: “As an important supplier to Merck, BD’s ISO 27001 certification demonstra…


CISA warns on cybersecurity vulnerabilities for certain Baxter infusion pumps

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today issued a warning on some Baxter (NYSE:BAX) infusion pumps.

Sigma and Baxter Spectrum infusion pumps are included in a CISA notice over remotely exploitable vulnerabilities. Those vulnerabilities include: missing description of sensitive data, use of externally controlled format string and missing authentication for critical functions.

The successful exploitation of the vulnerabilities could allow access to sensitive data. It could also result in the alteration of system configuration.

Get the full story at our sister site, Drug Delivery Business News.


Government warns on cybersecurity issues with BD’s Pyxis, Synapsys systems

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) today released advisories on two products from BD (NYSE:BDX).

Vulnerabilities with the BD Pyxis automated medication dispensing system and the BD Synapsys microbiology informatics software were voluntarily reported by Franklin Lakes, New Jersey-based BD through the CISA coordinated vulnerability disclosure program.

The BD Pyxis’ vulnerability is labeled as “Not Using Password Aging,” meaning successful exploitation of the vulnerability could allow an attacker to gain access to electronic protected health information (ePHI) or other sensitive information, according to the CISA notice. CISA determined that the vulnerability is exploitable remotely and has low attack complexity.

Specific BD Pyxis products were installed with default credentials and still may operate with such credentials, creating potential scenarios in which those products were installed with the same defa…


Stryker leaders talk medtech trends at DeviceTalks Boston: ‘If you’re slow, you’re going to lose’

Tracy Robertson is VP of Digital at Stryker. [Photo courtesy of Stryker]

The first day of DeviceTalks Boston closed with a panel of Stryker (NYSE:SYK) executives discussing new tools, technologies and strategies in medtech.

Digital VP Tracy Robertson, Digital, Robotics, and Enabling Technologies President Robert Cohen and Surgical Technologies VP of Digital Innovation Siddarth Satish offered their thoughts on industry trends in healthcare and at the Kalamazoo, Michigan–based orthopedic device giant.

It was only the first question posed to the panel yesterday, which also featured Dave Lively — SVP of Product Management, Vocera (now part of Stryker) — and was moderated by Orthopaedics and Spine Group President Spencer Stiles.

Get the full story at our sister site, Medical Design & Outsourcing.


FDA proposes new cybersecurity, supply chain and inspection laws for medical device manufacturers

Ventilators were in high demand during the first peaks of the COVID-19 pandemic. (Image from Raumedic)

The FDA today offered a slate of proposed laws for Congress to consider along with the agency’s $8.4 billion budget request for fiscal year 2023.

The legislative wish list includes several proposals that would affect medical device developers, manufacturers and distributors, including cybersecurity requirements for medical devices, mandatory supply chain reporting, remote inspections for FDA-regulated facilities and the destruction of dangerous imports.

Medical device cybersecurity

One proposal would require medical device manufacturers to design cybersecurity into their devices, such as the ability to update and patch software in a timely manner. Manufacturers would also need to provide cybersecurity assurance in premarket submissions, include a Software Bill of Materials that tells patients …


Government warns on cybersecurity issues with Philips’ e-Alert MRI monitoring system

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) today issued a notice regarding the e-Alert system from Royal Philips (NYSE:PHG).

CISA called attention to the e-Alert MRI system monitoring platform (version 2.7 and prior) and a potential vulnerability related to “missing authentication for critical function.”

According to the CISA notice, successful exploitation of the vulnerability — in which the software does not perform any authentication for critical system functionality — could allow an unauthorized actor to remotely shut down the system if on the healthcare facility’s network.

Philips plans a new release to remediate the vulnerability before July 2022. For interim mitigation to the vulnerability, Philips recommends that users operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls, with only authorized personnel permitted to access th…


Data breaches targeting pharma companies are ‘rampant,’ report says

For pharmaceutical companies, cyberattacks can get expensive quickly. 

In 2021, the average cost of a data breach was $5 million, which is the third-highest of any industry, according to the IBM Cost of a Data Breach report. 

Cyberattacks can also cause operational disruptions. For example, in 2017, Merck & Co. (NYSE: MRK) struggled to keep up with demand for hepatitis B vaccine because it was a victim of NotPetya ransomware. Merck estimated the damages from that attack to be roughly $1.4 billion.

Breaches in the pharma industry are rampant, concludes a recently published report from the cybersecurity firm Constella (Los Altos, California), which analyzes data exposures, breaches and leakages within the industry from January 2018 to September 2021. In that time frame, the company identified 9,030 breaches or leakages and more than 4,500,000 exposed record…
