"New Vulnerabilities Reported in Baxter's Internet-Connected Infusion Pumps"

Multiple security flaws have been discovered in Baxter's Internet-connected infusion pumps, which are used by healthcare professionals to dispense medication to patients in clinical settings. Infusion pumps are Internet-enabled devices to deliver medication and nutrition into a patient's circulatory system. The successful exploitation of these vulnerabilities could result in access to sensitive data and system configuration changes, according to the Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA), in a coordinated advisory. The cybersecurity firm Rapid7 discovered the four vulnerabilities in Sigma Spectrum v6.x model 35700BAX, Sigma Spectrum v8.x model 35700BAX2, Baxter Spectrum IQ (v9.x) model 35700BAX3, and other Sigma Spectrum infusion systems. Successful exploitation of the discovered vulnerabilities could result in a remote Denial-of-Service (DoS) attack, or allow an attacker with physical access to the device to extract sensitive information or conduct adversary-in-the-middle attacks. The vulnerabilities could also result in the loss of critical Wi-Fi password data, which could lead to increased network access if the network is not properly segmented. To prevent unauthorized access, Baxter advises customers to erase all data and settings from decommissioned pumps, place infusion systems behind a firewall, enforce network segmentation, and use strong wireless network security protocols. This article continues to discuss the potential exploitation and impact of the security vulnerabilities discovered in Baxter's Internet-connected infusion pumps.

THN reports "New Vulnerabilities Reported in Baxter's Internet-Connected Infusion Pumps"