Security News > 2021 > August > Flaws in Pneumatic Tube System Can Facilitate Cyberattacks on North American Hospitals
Several serious vulnerabilities discovered in a widely used pneumatic tube system made by Swisslog Healthcare can be highly useful for ransomware attacks aimed at hospitals, according to enterprise IoT security firm Armis.
Armis researchers discovered 8 types of vulnerabilities in the TransLogic pneumatic tube system made by Swisslog Healthcare, which specializes in automation and transport solutions for hospitals and pharmacies.
Pneumatic tube systems enable hospitals to quickly and safely transport IVs, lab specimens, pharmaceuticals, documents, and other materials from one location to another.
Swisslog says its TransLogic product is used in more than 3,000 hospitals around the world, and it's present in over 80 percent of North American hospitals.
"By compromising a Nexus station, an attacker can leverage it for reconnaissance purposes, including harvesting data from the station such as RFID credentials of any employee that uses the PTS system, details about each station's functions or location, as well as gain an understanding of the physical layout of the PTS network. From there, an attacker can take over all Nexus stations in the tube network, and hold them hostage in a sophisticated ransomware attack," Armis explained.
It added, "The potential for pneumatic tube stations to be compromised is dependent on a bad actor who has access to the facility's information technology network and who could cause additional damage by leveraging these exploits."