CyberMDX and Microsoft: Protecting life-saving medical devices

This blog post is part of the Microsoft Intelligent Security Association MISA guest blog series. Learn more about MISA. While hospitals continue to battle the COVID-19 pandemic, many are battling other “viruses” behind the scenes. Malware, ransomware, and phishing attacks against healthcare...

Critical, Unpatched Bug Opens GE Radiological Devices to Remote Code Execution

A pair of critical vulnerabilities have been discovered in dozens of GE Healthcare radiological devices popular in hospitals, which could allow an attacker to gain access to sensitive personal health information PHI, alter data and even shut the machine’s availability down. The flaws affect 100...

New Microsoft Security innovations and partnerships

Today on the Official Microsoft Blog, Ann Johnson, Corporate Vice President of the Cybersecurity Solutions Group, shared how Microsoft is helping turn the tide in cybersecurity by putting artificial intelligence AI in the hands of defenders. She announced the general availability of Microsoft...

Critical, Unpatched 'MDhex' Bugs Threaten Hospital Devices

A collection of six cybersecurity vulnerabilities in a range of GE Healthcare devices for hospitals has been discovered. Dubbed “MDhex” by the researchers at CyberMDX who discovered them, the bugs would allow attackers to disable the devices, harvest personal health information PHI, change alarm...

Vulnerable infusion pumps can be remotely accessed to change dosages

By Waqas Critical Bug in Medical Infusion Pumps lets Attacker Remotely install Unauthorized Firmware to Change Medication Dosages. Researchers at CyberMDX, a healthcare security firm, have identified two different vulnerabilities in Becton Dickinson Alaris Gateway Workstations AGW used by hospita...

Max-Severity Bug in Infusion Pump Gateway Puts Lives at Risk

Researchers have disclosed two separate vulnerabilities within the Becton Dickinson Alaris Gateway Workstation for medical infusion pumps in hospitals, one carrying a critical rating of 10 out of 10 on the CVSS v.3 severity scale. Alaris Gateway Workstations power, monitor and control infusion...

Critical Flaws in Syringe Pump, Device Gateways Threaten Patient Safety

Two previously undocumented, critical vulnerabilities in widely deployed medical devices have sparked patient-safety and data-privacy concerns. Flaws in the Qualcomm Life Capsule Datacaptor Terminal Server and the Becton Dickinson BD Alaris TIVA Syringe Pump have been acknowledged by the vendors...