Connect with us

Company News

BD discloses cybersecurity vulnerability in cervical cytology processing machine

BD found the vulnerability and disclosed it to the Cybersecurity and Infrastructure Security Agency. The vulnerability received a score of 6.6 on a 10-point threat scale, reflecting the potential for an attacker to access private information and the limited circumstances in which that would be possible.

“A successful attack would involve the threat actor having access to Windows authentication credentials (Remote Workstation) or breaking out of kiosk mode (Instrument) to gain access to the underlying Windows operating system. Any such attack would have high impact to the confidentiality and partial impact to the integrity and availability of the system, including potential access to sensitive information,” BD said in a statement on its website. An attacker could associate results with the wrong patient, thereby affecting their care, it added.

Until BD rolls out version 1.71 of the software to fix the problem, it should be possible to prevent attacks by other means, the company said. If the instrument does not need to be connected to a network, an attacker would need to physically interact with the device to exploit the vulnerability. BD is advising labs to limit access to authorized end users.

If a lab needs to connect the instrument to a network, it should ensure industry standard security policies and procedures are followed, according to BD. No known public exploits specifically target the vulnerability, which is not exploitable remotely.

Dive brief:

  • Becton Dickinson has disclosed a cybersecurity vulnerability that could allow an attacker to access and modify information on an instrument used to process cervical cytology samples.
  • The vulnerability affects laboratory automation instrument Totalys MultiProcessor. Because the instrument uses hard-coded credentials, an attacker with physical or network access could see protected and personal information, the company said.
  • BD plans to release a software update in the fourth quarter to fix the issue. Until then, the company is advising users to mitigate the threat by restricting access to the instrument.

MedTech Dive

Related Topics:

We create rich business content, reach targeted business audiences, and provide valuable business information to our readers.

We create rich business
content, reach targeted business
audiences, and provide valuable business information to our readers.

Copyright © 2024 Medical Buyer

error: Content is protected !!