Numerous devices from medical technology company Becton, Dickinson and Company (BD) are vulnerable to the KRACK key-reinstallation attack, which directly impacts the integrity and confidentiality of patient records.
KRACK could allow a malicious actor within radio range to execute a man-in-the-middle attack and replay, decrypt or spoof frames, leaving PHI exposed to unauthorized persons over Wi-Fi.
Versions of BD Pyxis, the company’s medication and supply management system, are impacted by the vulnerability, according to ICS-CERT. That includes 12 versions of the system, such as the BD Pyxis Anesthesia ES, BD Pyxis SupplyStation, and BD Pyxis Parx handheld.
Proficio Threat Intelligence Recommendations:
- Apply the latest recommended updates to Wi-Fi access points deployed in Wi-Fi enabled networks
- Ensure that appropriate physical controls are in place to prevent attackers from being within physical range of an affected Wi-Fi access point and client
- Ensure data has been backed up and stored according to your individual processes and disaster recovery procedures