Security In Medical Equipment

Want to help support this blog? Try out Oh Dear, the best all-in-one monitoring tool for your entire website, co-founded by me (the guy that wrote this blogpost). Start with a 10-day trial, no strings attached.

We offer uptime monitoring, SSL checks, broken links checking, performance & cronjob monitoring, branded status pages & so much more. Try us out today!

Profile image of Mattias Geniar

Mattias Geniar, May 05, 2015

Follow me on Twitter as @mattiasgeniar

This isn’t the first occurrence and it sure won’t be the last, either.

Hospira Lifecare PCA infusion pump running “SW ver 412” does not require authentication for Telnet sessions, which allows remote attackers to gain root privileges via TCP port 23.

CVE-2015-3459

Imagine having an infusion pump that someone can remotely control. Power on, power of? Increase or decrease the supply?

How is security not a top priority for anything medically related? Even remote surgery equipment (the actual robotics hands someone can control from the other side of the world) has known security issues.

Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.