Security News

Security specialist Armis has discovered vulnerabilities, collectively dubbed PwnedPiper, in pneumatic tube control systems used in thousands of hospitals worldwide - including 80 per cent of the major hospitals found in the US. The researcher spotted the PwnedPiper vulnerabilities in Swisslog's Nexus stations for its Translogic Pneumatic Tube System product - a connected control system for the delivery tubes which send medicines, samples, blood products, and paperwork whizzing around a hospital. "The PTS system supports variable speed transactions which, on the one hand allow for express shipment of urgent items," the researchers said, "While on the other, enable the slow transfer of sensitive items, such as blood products, that may be harmed if jolted too quickly within the tubes. If an attacker were to compromise the PTS system, he may alter the system's speed restrictions, which can in turn damage such sensitive items."

Several serious vulnerabilities discovered in a widely used pneumatic tube system made by Swisslog Healthcare can be highly useful for ransomware attacks aimed at hospitals, according to enterprise IoT security firm Armis. Armis researchers discovered 8 types of vulnerabilities in the TransLogic pneumatic tube system made by Swisslog Healthcare, which specializes in automation and transport solutions for hospitals and pharmacies.

Pneumatic tube system stations used in thousands of hospitals worldwide are vulnerable to a set of nine critical security issues collectively referred to as PwnedPiper. PTS solutions are part of a hospital's critical infrastructure as they are used to quickly deliver items like blood, tissue, lab samples, or medication to where they're needed.

Armis researchers have unearthed critical vulnerabilities in Swisslog Healthcare's Translogic pneumatic tube system, which plays a crucial role in patient care in more than 3,000 hospitals worldwide. Attackers exploiting the vulnerabilities could gain complete control over the PTS network, negatively affect the functioning of the system and damage sensitive materials, compromise sensitive information, and interfere with the hospitals' workflows.

The software used to control pneumatic tubes in over 3,000 hospitals around the world has nine critical vulnerabilities that could halt hospital operations if exploited by a savvy attacker. Tube systems in hospitals are commonly used to deliver medicine, transport blood and other essential medical supplies, and send lab samples across buildings that would take considerable time to deliver on foot.

A cyberattack that crippled the computer systems of a hospital network affecting six hospitals in Vermont and New York last fall happened after an employee opened a personal email on a company laptop while on vacation, a University of Vermont Health Network official said Tuesday. The email was from legitimate local business that had been hacked, Doug Gentile, network chief medical information officer told The Associated Press.

Officials at Vermont's largest hospital are still trying to determine the full financial impact of the cyberattack last October that knocked out computers affecting three hospitals in Vermont and three in New York. It took months for the University of Vermont Health Network to recover from the attack, estimated to cost upwards of $63 million.

UF Health Central Florida has suffered a reported ransomware attack that forced two hospitals to shut down portions of their IT network. The University of Florida Health, also known as UF Health, is a healthcare network of hospitals and physician practices that provide care to countries throughout Florida.

New Zealand's Waikato District Health Board has been hit with a strain of ransomware that took down most IT services Tuesday morning and drastically reduced services at six of its affiliate hospitals. Phone lines went down and hospitals were forced to accept urgent patients only.

Ireland's nationalised health service has shut down its IT systems following a "Human-operated" Conti ransomware attack, causing a Dublin hospital to cancel outpatient appointments. The country's Health Service Executive closed its systems down as a precaution, local reports from the Irish public service broadcaster RTÉ said, reporting that Dublin's Rotunda Hospital had cancelled appointments for outpatients - including many for pregnant women.