US Homeland Security Issues Warning About Cybersecurity Vulnerabilities With Supply Management System

The US Department of Homeland Security released an advisory regarding newly-discovered cybersecurity vulnerabilities in a Becton, Dickinson and Company (BD) supply management system. The Pyxis SupplyStation – designed to dispense medical supplies based on fingerprint identification of authorized personnal – was evaluated by independent researchers who found that the system could be accessed remotely.

According to the agency, they will not be developing a patch to fix the issue as the affected systems are nearing the end of their product lifespan. Two independent researchers – Billy Rios and Mike Ahmadi – identified the issue in collaboration with the BD-owned subsidiary, CareFusion.

The independent researchers identified the security vulnerabilities using a system purchased from a retailer specializing in selling decommissioned units. The weak points were identified using an automated software composition analysis tool.

CareFusion has presented a number of ways for institutions to minimize exploitation risk of the Pyxis SupplyStation systems. The company was acquired by BD in 2015 in a $12.2 billion agreement.

The researchers identified over 1,400 different vulnerabilities across seven third-party vendor software packages. In all, 86 files were affected by the cybersecurity risk, and CareSystem no longer provides support for these supply management systems.

CareFusion’s main recommendation for facilities who are using the affected systems, is to disconnect the Pyxis SupplyStation from the internet. If remote access is required, they recommend closely monitoring traffic to the device through a virtual private network.

“Exploitation of these vulnerabilities may allow a remote attacker to compromise the Pyxis SupplyStation system,” said the US Department of Homeland Security. “The SupplyStation system is designed to maintain critical functionality and provide access to supplies in ‘fail-safe mode’ in the event that the cabinet is rendered inoperable. Manual keys can be used to access the cabinet if it is rendered inoperable.”

US Homeland Security Issues Warning About Cybersecurity Vulnerabilities With Supply Management System

Related Vitals

Avicenna.AI Gets FDA Clearance for AI-Powered CT Scan Tools for Pulmonary Embolism and Stroke Assessment

Roche’s Early Alzheimer’s Blood Test Gets FDA Breakthrough Device Designation

First-of-Its-Kind Robotic Surgery Assistant by Zimmer Biomet for Enhanced Shoulder Procedures

First Miniaturized Robotic-Assisted Surgery Device Gets FDA Authorization

International HPV Awareness Day 2024: Spotlight on Vaccination and Early Detection

Related Webinars

Solving unmet needs in GLP1 cardiometabolic clinical trials: novel approaches to digital data capture and patient retention

Leveraging Active Diagnostic Stewardship Interventions to Optimize the Outcomes of Patients with Bacteremia

The Power of Clinical Data: Why Strategic PMCF Studies Matter

Best Practices for Developing End-to-End Cloud-Powered Medical Devices

Regulatory Documentation: Navigating the Complexities of Documentation Compliance

To create an account, you will need to agree to the privacy policy and terms of use by clicking the agree button at the bottom of this form.

Privacy Policy

EU and UK – PRIVACY POLICY – HONEYCOMB WORLDWIDE INC.

Welcome

Who we are

Our EU and UK Representatives

How to Contact Us

What personal data we collect

Data Accuracy

How We Collect Your Personal Data

Why We Use Your Personal Data

Your Rights

How to exercise your rights

How long we hold your personal data

Who do we share your personal data with?

Do we transfer personal data Overseas?

Third-party links

Marketing

How to withdraw consent

Do we use automated decision-making or profiling?

How We Keep Your Personal Data Secure

How to complain

TERMS OF USE