Researchers have found two security vulnerabilities, one severe, in Becton Dickson (BD) infusion pumps: the devices used in hospitals for supplying power and network connectivity to multiple infusion and syringe pumps that deliver fluids, including intravenous fluids, painkillers and medications such as insulin.
Such pumps are often hooked up to a central monitoring station so that hospital staff can check on multiple patients at the same time.
The flaws, in BD’s Alaris Gateway Workstation (AGW), were discovered by the healthcare cybersecurity firm CyberMDX in September 2018. The firm’s
researchers said on Thursday that one of the security flaws – the most critical, according to
an advisory issued by the Department of Homeland Security (DHS), also on Thursday – could allow the devices to be remotely hijacked and controlled.