Search This Blog

Showing posts with label Medical Sector. Show all posts

Decade-Old Critical Vulnerabilities Might Affect Infusion Pumps

 

According to scans of over 200,000 infusion pumps located on the networking of healthcare providers and hospitals, increasing numbers of gadgets are vulnerable to six critical-severity issues (9.8 out of 10) reported in 2019 and 2020.

According to Palo Alto Networks experts, 52% of scanned devices are vulnerable to two significant security issues discovered in 2019: CVE-2019-12255 (CVSS score of 9.8) and CVE-2019-12264 (CVSS score of 9.8). (CVSS score of 7.1) In a research report, the business stated over 100,000 infusion pumps were vulnerable to older, medium-severity issues (CVE-2016-9355 and CVE-2016-8375). 

"While some of these vulnerabilities and alerts may be difficult for attackers to exploit unless it is physically present in an organization," the researchers added, "all represent a potential risk to the general security of healthcare organizations and the safety of patients – particularly in situations where threat actors may be motivated to devote additional resources to attacking a target." 

Wind River, the company which supports VxWorks RTOS, has patched all URGENT/11 concerns since July 19, 2019. However, in the embedded device world, large delays in applying patches or not applying them at all are well-known issues. The last five critical-severity bugs that were discovered in June 2020, affect items made by the American healthcare corporation Baxter International. 

Malicious misuse of software security flaws might put human lives in danger, according to the firm. Infusion pumps are used to give medications and fluids to patients, and the company cautioned how malicious exploitation of software security flaws could put human lives at risk. The majority of the discovered flaws can be used to leak sensitive information and gain unauthorized access. Bugs that lead to the release of sensitive information harm not only infusion pumps, but also other medical devices, and may affect credentials, operational information, and patient-specific data.

Another area of concern is the use of third-party modules which may have security flaws. CVE-2019-12255 and CVE-2019-12264, for example, are significant vulnerabilities in the IPNet TCP/IP stack utilized by the ENEA OS of Alaris Infusion Pumps, according to the researchers. 

"Overall, most of the typical security alerts triggered on infusion systems imply avenues of attack which the device owner should be aware of," the security experts told. "For example, via internet access or default login and password usage."Given some infusion pumps are utilized for up to ten years, healthcare practitioners seeking to protect the security of devices, data, and patient information should consider the following.

Medatixx Struck by Ransomware Attack, Customers Advised to Change Passwords

 

Medatixx, a German medical software provider whose products are used in around 21,000 health institutions, advises customers to update their application passwords, following a ransomware attack that damaged their entire operations. 

The business stressed that the impact has not reached clients and is restricted to their internal IT systems and shouldn't affect their PVS (practice management systems). Threat actors may have obtained Medatixx users' credentials, as it is uncertain what data was taken during the attack. 

As a result, Medatixx advises clients to take the following precautions to ensure that their practise management software stays secure: 
  • Change the user passwords on practise software. 
  • On all workstations and servers, change the Windows logon passwords 
  • Passwords for TI connectors should be changed. The aforementioned are preventative steps, according to the business, but they should be implemented as soon as possible. 
The following are the software products whose users should respond to this emergency immediately:  
  • easymed
  • medatixx
  • x.comfort
  • x.concept
  • x.isynet
  • x.vianova
About the attack

The ransomware attack on Mediatixx occurred last week, and the firm is still recovering, with just e-mail and central telephone services restored so far. Additionally, all regional sales partners and customer support lines are operational, allowing clients to contact corporate staff with any questions they may have. There is no confirmation when the corporation will resume normal operations. 

Furthermore, it is unknown whether the actors were able to get any customer, doctor, or patient information. The company states that it has alerted Germany's data protection authorities about the occurrence and will provide an update after the inquiry is completed. 

Medatixx explained in the translated advisory, "It is not known at this point whether or not, and to what extent any data was stolen. It can therefore not be ruled out that the data stored by us has been stolen." 

As per Heise Online, Mediatixx solutions are used in around 25% of all medical institutions in Germany, and this might be the country's largest hack ever in the healthcare system. Furthermore, according to the German news agency, the attackers could steal user credentials through remote maintenance systems.

Olympus Suffers Second Cyberattack in 2021

 

Olympus, a Japanese tech giant, disclosed that it was hit by a cyberattack that forced it to take down its IT systems in the United States, Canada, and Latin America. 

Olympus is a company founded in 1919 being a technology leader in the medical sector that develops cutting-edge opto-digital products, life science, and consumer electronics products. On October 12, Olympus announced on its website that it is investigating a potential cybersecurity incident discovered on October 10 and currently working with the utmost priority to fix this issue.  

The company stated, "Upon detection of suspicious activity, we immediately mobilized a specialized response team including forensics experts, and we are currently working with the highest priority to resolve this issue." 

"As part of the investigation and containment, we have suspended affected systems and have informed the relevant external partners. The current results of our investigation indicate the incident was contained to the Americas with no known impact to other regions." 

The firm did not state whether or not the customer or corporate data was obtained or stolen as a result of the "potential cybersecurity incident," but added that it would share updated information on the assault as soon as it becomes available. 

Olympus added, "We are working with appropriate third parties on this situation and will continue to take all necessary measures to serve our customers and business partners in a secure way. Protecting our customers and partners and maintaining their trust in us is our highest priority." 

According to an Olympus spokesman, the firm discovered no indication of data loss during an ongoing investigation into this occurrence. 

This incident comes after the ransomware assault on Olympus' EMEA (Europe, Middle East, and Africa) IT infrastructure in early September. Although Olympus did not disclose the identities of the attackers, ransom notes discovered on damaged computers showed that BlackMatter ransomware operators orchestrated the attack. 

The identical ransom notes directed victims to a Tor website previously used by the BlackMatter group to connect with its victims. Although Olympus did not provide many specifics about the nature of the attack that impacted its Americas IT systems, ransomware groups are notorious for carrying out their operations on weekends and holidays in order to minimize detection. 

In an August joint alert, the FBI and CISA stated that they had "observed an increase in highly impactful ransomware attacks occurring on holidays and weekends—when offices are normally closed—in the United States, as recently as the Fourth of July holiday in 2021."