Palo Alto: More than 100,000 infusion pumps vulnerable to 2 vulnerabilities

In an examination of more than 200,000 infusion pumps on the networks of several healthcare organizations, Palo Alto Networks security researchers discovered that more than 52% were susceptible to two known vulnerabilities that were disclosed in 2019 – one with a “critical” severity score and the other with a “high” severity score.

Palo Alto Network’s Unit 42 released a report examining 200,000 infusion pumps on the networks of hospitals and clinics that use their security program for IoT devices. 

ZDNet Recommends

“An alarming 75% of infusion pumps scanned had known security gaps that put them at heightened risk of being compromised by attackers,” the researchers said. “These shortcomings included exposure to one or more of some 40 known cybersecurity vulnerabilities and/or alerts that they had one or more of some 70 other types of known security shortcomings for IoT devices.”

The report lists several vulnerabilities affecting most infusion pumps, including CVE-2019-12255, CVE-2019-12264, CVE-2016-9355, CVE-2016-8375, CVE-2020-25165, CVE-2020-12040, CVE-2020-12047, CVE-2020-12045, CVE-2020-12043 and CVE-2020-12041. 

CVE-2019-12255, which had a 9.8 rating, was found in 52.11% of all the infusion pumps Palo Alto looked at. CVE-2020-12040, CVE-2020-12047, CVE-2020-12045, CVE-2020-12043 and CVE-2020-12041 all had ratings of 9.8 and were found in at least 15% of

Read More: https://www.zdnet.com/article/palo-alto-more-than-100000-infusion-pumps-vulnerable-to-2-vulnerabilities/#ftag=RSSbaffb68