Hospital hallway robots get patches for potentially serious bugs

Written by
Apr 12, 2022 | CYBERSCOOP

Rolling robots used at hospitals for a variety of tasks — including transporting medication — have been patched for five vulnerabilities that could have allowed attackers to potentially disrupt patient care or capture sensitive information, researchers said Tuesday.

Health care cybersecurity company Cynerio said it found the bugs in Aethon’s TUG robots in December, and then “worked closely” from January onward with the manufacturer through the federal Cybersecurity and Infrastructure Security Agency’s process for disclosing critical vulnerabilities. Aethon said it took “immediate action” after receiving the information from CISA.

“We are pleased that the notification process worked as intended and helped to discover, report, and rectify system vulnerabilities in a collaborative effort so that we can continue to stay a step ahead of bad actors and provide the efficiency systems like ours are made to deliver,” Aethon said.

The most serious of the bugs, which scored 9.8 out of 10 on the open source Common Vulnerability Scoring System, could have allowed an unauthenticated user to connect to the TUG Home Base Server that controls the robots, Cynerio said. Attackers could potentially cancel existing tasks, use a TUG to meddle

Read More: