BD finds cybersecurity flaw that could allow hackers to disable infusion pumps

Several models of BD’s BodyGuard infusion pumps face a moderate risk of being hacked, the company reported this week.

Infusion pumps are used in hospitals to control the intravenous delivery of medications, nutrients and other fluids to a patient. None of the affected BodyGuard models—many of which joined BD’s portfolio in its 2017 acquisition of Israel’s Caesarea Medical Electronics—are approved for use in the U.S.

BD voluntarily reported the potential security risk to the Cybersecurity and Infrastructure Security Agency, part of the U.S. Department of Homeland Security, according to a Dec. 1 notice from the agency.

In a cybersecurity bulletin of its own, the devicemaker described how the affected BodyGuard pumps could be accessed by a malicious actor through a physical connection to the device's serial port. If that happens, a hacker could alter the device’s settings or completely disable it, interrupting the proper flow of needed treatments to a patient. To date, according to CISA, no publicly known hacking efforts have specifically targeted the vulnerability.

BD has assigned the potential hacking risk a rating of 5.3 out of 10 on the Common Vulnerability Scoring System—the scale widely used to grade cybersecurity risks—denoting only a “medium” level of severity for the issue.

For one thing, the company noted, no protected or personally identifiable health information is stored in the pumps, meaning that hackers wouldn’t be able to steal patient data by accessing the devices. For another, such a hack would require physical access to the pump, as well as specialized equipment and at least some knowledge of the BodyGuard devices to execute new commands.

However, BD added, “the attacker would require no prior authentication to control the pump,” and the attacker could also remove hospitals’ access to pump technician codes, potentially rendering the devices no longer usable.

Taken altogether, the company has determined that “there is a low probability of harm occurring” from the identified issue. Still, it suggested in the bulletin that hospitals connect only BD-approved equipment to the pumps and remove all equipment from the serial ports when pumps are in use. They should also take measures to protect all hospital computer systems and “ensure physical access controls are in place and only authorized end-users have access to BD BodyGuard pumps.”

Infusion pumps are particularly susceptible to hacking. A study published earlier this year found that as many as 75% of the devices that are connected to hospital networks contain known cybersecurity flaws, possibly giving hackers access to the device’s controls or to any unencrypted data that passes to or from a pump.

And BD isn’t the only medtech maker this year to spot a vulnerability in its pumps: In September, Baxter reported that it had spent the previous several months rectifying a handful of issues with its internet-connected Sigma Spectrum infusion pumps, which are equipped with software that automates their fluid delivery to patients.