Slashdot Mirror

← Back to Stories (view on slashdot.org)

Over 1,400 Vulnerabilities Found In Automated Medical Supply System

Posted by msmash on from the seeking-immediate-attention dept.

An anonymous reader writes: Security researchers have discovered 1,418 vulnerabilities in CareFusion's Pyxis SupplyStation system -- automated cabinets used to dispense medical supplies -- that are still being used in the healthcare and public health sectors in the US and around the world. The vulnerabilities can be exploited remotely by attackers with low skills, and exploits that target these vulnerabilities are publicly available. Things already seem to be getting out hand.

1 of 85 comments (clear)

  1. War Story on Medical System Security by Salgak1 · · Score: 4, Interesting

    . . . . year or two back, my oldest daughter entered a program to learn the "EPIC" medical records system. Now, admittedly, we're a geekhaus, my daughters were doing computers at age 5, and my youngest managed to hack the oldest by examining her browser cache at age 8.

    But she came back from the first day or two of training, shaking HER head. Not only was there no folder security, but, at least as configured there, every user was an admin.. Each of which could mess with another's files and account settings.

    Worse still, they were being trained at the site where the system was being hosted for production. No physical security. No backup power: in fact, zero redundancy whatsoever. And data backup ? "What's that ?"

    She wrote up a 2-page summary of problems SHE saw (and her training was in Medical Administration, although she DID learn Security from me. . .). She sends it to the POC at the Hospital the system was in the process of being installed for. . . .and the EPIC people dropped her from the course.

    There's a cherry on the top of this Sundae of Fail: she was eventually hired by the Hospital as, surprisingly enough, a Ward Medical Admin. And the IT Department comes to HER for help and suggestions. . . .