Security News
How safe are hospitals from common vulnerabilities Ransomware is attacking the bottom line - 48% of hospital executives reported either a forced or proactive shutdown in the last 6 months as a result of external attacks or queries. Midsize hospitals feeling more pain - Of respondents that experienced a shutdown due to external factors, large hospitals reported an average shutdown time of 6.2 hours at a cost of $21,500 per hour while midsize hospitals averaged nearly 10 hours at more than double the cost or $45,700 per hour.
The security weaknesses, disclosed by American cybersecurity firm Armis, impact the Translogic PTS system by Swisslog Healthcare, which is installed in about 80% of all major hospitals in North America and in no fewer than 3,000 hospitals worldwide. "These vulnerabilities can enable an unauthenticated attacker to take over Translogic PTS stations and essentially gain complete control over the PTS network of a target hospital," Armis researchers Ben Seri and Barak Hadad said.
Researchers have discovered nine vulnerabilities - collectively dubbed PwnedPiper - in the pneumatic tube systems used in more than 80 percent of major hospitals in North America. The Translogic PTS system, used by more than 3,000 hospitals worldwide, is the pneumatic version of a hospital's veins, arteries and capillaries: The tubes deliver medications, blood, and lab samples throughout a hospital.
Security specialist Armis has discovered vulnerabilities, collectively dubbed PwnedPiper, in pneumatic tube control systems used in thousands of hospitals worldwide - including 80 per cent of the major hospitals found in the US. The researcher spotted the PwnedPiper vulnerabilities in Swisslog's Nexus stations for its Translogic Pneumatic Tube System product - a connected control system for the delivery tubes which send medicines, samples, blood products, and paperwork whizzing around a hospital. "The PTS system supports variable speed transactions which, on the one hand allow for express shipment of urgent items," the researchers said, "While on the other, enable the slow transfer of sensitive items, such as blood products, that may be harmed if jolted too quickly within the tubes. If an attacker were to compromise the PTS system, he may alter the system's speed restrictions, which can in turn damage such sensitive items."
Several serious vulnerabilities discovered in a widely used pneumatic tube system made by Swisslog Healthcare can be highly useful for ransomware attacks aimed at hospitals, according to enterprise IoT security firm Armis. Armis researchers discovered 8 types of vulnerabilities in the TransLogic pneumatic tube system made by Swisslog Healthcare, which specializes in automation and transport solutions for hospitals and pharmacies.
Pneumatic tube system stations used in thousands of hospitals worldwide are vulnerable to a set of nine critical security issues collectively referred to as PwnedPiper. PTS solutions are part of a hospital's critical infrastructure as they are used to quickly deliver items like blood, tissue, lab samples, or medication to where they're needed.
Armis researchers have unearthed critical vulnerabilities in Swisslog Healthcare's Translogic pneumatic tube system, which plays a crucial role in patient care in more than 3,000 hospitals worldwide. Attackers exploiting the vulnerabilities could gain complete control over the PTS network, negatively affect the functioning of the system and damage sensitive materials, compromise sensitive information, and interfere with the hospitals' workflows.
The software used to control pneumatic tubes in over 3,000 hospitals around the world has nine critical vulnerabilities that could halt hospital operations if exploited by a savvy attacker. Tube systems in hospitals are commonly used to deliver medicine, transport blood and other essential medical supplies, and send lab samples across buildings that would take considerable time to deliver on foot.
A cyberattack that crippled the computer systems of a hospital network affecting six hospitals in Vermont and New York last fall happened after an employee opened a personal email on a company laptop while on vacation, a University of Vermont Health Network official said Tuesday. The email was from legitimate local business that had been hacked, Doug Gentile, network chief medical information officer told The Associated Press.
Officials at Vermont's largest hospital are still trying to determine the full financial impact of the cyberattack last October that knocked out computers affecting three hospitals in Vermont and three in New York. It took months for the University of Vermont Health Network to recover from the attack, estimated to cost upwards of $63 million.