Security News > 2022 > September > New Vulnerabilities Reported in Baxter's Internet-Connected Infusion Pumps

Multiple security vulnerabilities have been disclosed in Baxter's internet-connected infusion pumps used by healthcare professionals in clinical environments to dispense medication to patients.

The four vulnerabilities in question, discovered by cybersecurity firm Rapid7 and reported to Baxter in April 2022, affect the following Sigma Spectrum Infusion systems -.

The vulnerabilities could further result in a "Loss of critical Wi-Fi password data, which could lead to greater network access should the network not be properly segmented," Deral Heiland, principal security researcher for IoT at Rapid7, told The Hacker News.

"If exploited, the vulnerabilities could result in disruption of operation, disconnection of the WBM from the wireless network, alteration of the WBM's configuration, or exposure of data stored on the WBM," the company said.

Earlier this March, Palo Alto Networks Unit 42 disclosed that an overwhelming majority of infusion pumps were exposed to nearly 40 known vulnerabilities, highlighting the need to secure healthcare systems from security threats.

Baxter is recommending customers to ensure that all data and settings are erased from decommissioned pumps, place infusion systems behind a firewall, enforce network segmentation, and use strong wireless network security protocols to prevent unauthorized access.

News URL

https://thehackernews.com/2022/09/new-vulnerabilities-reported-in-baxters.html