Devices & Diagnostics

U.S. Department of Homeland Security warns of cybersecurity issues with those using Pyxis SupplyStation

Flaws within more that 1,4oo cybersecurity third-party software have been found by the U.S. Homeland Security department that are used with Pyxis SupplyStation automated medical supply cabinet.

hacking data Security

Flaws within more that 1,4oo cybersecurity third-party software have been found by the U.S. Homeland Security department that are used with Pyxis SupplyStation automated medical supply cabinet.

Pyxis’ medical supply cabinet is made by Becton Dickinson & Co. subsidiary CareFusion.

The Pyxis systems comprehensively provide medication and supply management throughout the hospital and Integrated Delivery Network. By helping streamline workflow, and improve financial performance and facilitate regulatory compliance they are designed to enhance medication safety and patient care – that is until patient security is potential compromised.

The vulnerabilities, found in 7 third-party software packs, are included with Microsoft Windows XP, Sybase SQL Anywhere 9, Symantec Antivirus 9 and Symantec pcAnywhere 10.5. They were found by independent researchers Billy Rios and Mike Ahmadi in collaboration with CareFusion.

“Exploitation of these vulnerabilities may allow a remote attacker to compromise the Pyxis SupplyStation system,” according to ICS-CERT. “As a result of the identified vulnerabilities, CareFusion has started reissuing targeted customer communications, advising customers of end-of-life versions with an upgrade path. For customers not pursuing the remediation path of upgrading devices, CareFusion has provided compensating measures to help reduce the risk of exploitation.”

Topics