Vulnerability: KRACK Vulnerability Leaves Medical Devices Exposed

Numerous devices from medical technology company Becton, Dickinson and Company (BD) are vulnerable to the KRACK key-reinstallation attack directly impacting the integrity and confidentiality of patient records.

KRACK could allow a malicious actor to execute a man-in-the-middle attack, allowing the attacker within radio range to replay, decrypt or spoof frames leaving PHI exposed to unauthorized persons over WiFi.

Versions of BD Pyxis, the company’s medication and supply management system, are impacted by the vulnerability, according to ICS-CERT. That includes 12 versions of the system, such as the BD Pyxis Anesthesia ES, BD Pyxis SupplyStation, and BD Pyxis Parx handheld.

Proficio Threat Intelligence Recommendations:

  • Patch to the latest recommended updates for Wi-Fi access points implemented in Wi-Fi enabled networks
  • Ensure that appropriate physical controls are in place to prevent attackers from being within physical range of an affected Wi-Fi access point and client
  • Ensure data has been backed up and stored according to your individual processes and disaster recovery procedures

 

Recent Blog Posts

Stay Ahead of Evolving Threats

Sign up for our free newsletter and receive invaluable threat notifications from our Threat Intelligence team.

By submitting this form, you agree to the Proficio Website Terms of Use and the Proficio Privacy Policy.

REQUEST A DEMO

Experience Tomorrow’s
Security Today

Request a Demo and Experience Proficio's
Innovative Solutions in Action.

By submitting this form, you agree to the Proficio Website Terms of Use and the Proficio Privacy Policy.