Medical device and MedTech insights, news, tips and more

Smiths Medical recently released a firmware update to eliminate potential medical device security vulnerabilities that had been discovered by an independent researcher earlier in 2017.

The vulnerabilities may have allowed remote attackers to gain unauthorized access, affecting certain infusion pumps’ intended operations, the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said in a September 2017 warning.

The firmware update eliminates a cybersecurity common vulnerability and exposure (CVE) that potential affected the Medfusion® 4000 devices, Smiths Medical Chief Technology Officer and Vice President of R&D Brett Landrum said in the December 2017 announcement.

“We would like to inform you that we are releasing our Medfusion® 4000 pump firmware update (Version 1.6.1) to eliminate the identified CVE,” Landrum wrote. “The pump firmware update is available now to all current Medfusion® 4000 customers at no charge, and all new Medfusion® 4000 orders shipped after December 15 will have the V1.6.1 software.”

“There will be no visible changes to infusion delivery impacting clinicians and healthcare providers with this firmware update,” he continued.

The cybersecurity CVE patch also has no impact on patient care or clinical use, the update added.

ICS-CERT explained in its earlier warning that the vulnerabilities could be remotely executed but that a highly skilled attacker would be able to perform the infiltration.

“ICS-CERT reminds organizations to perform proper impact analysis and risk assessment by examining their specific clinical use of the pump in the host environment,” the warning cautioned. “NCCIC/ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities.”

Read More at the Source: Smiths Medical Releases Firmware Update for Medical Device Security