ICS-CERT, the US Computer Emergency Response Team that focuses on industrial control systems, has issued a warning that wireless hospital syringe-infusion pumps are vulnerable to hacking
The warning concerns the Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump.
The problem was discovered by security researcher Scott Gayou, who identified eight vulnerabilities in Smiths Medical's Medfusion 4000 Wireless Syringe, according to ICS-CERT.
The statement claims that the vulnerabilities are real, but adds that there are so far no known exploits in the wild.
"Smiths Medical is planning to release a new product version to address these vulnerabilities in January 2018," it added. "In the interim, NCCIC/ICS-CERT is recommending that users apply the identified compensating controls until the new version can be applied."
Smiths Medical has already posted a response to the low-level panic and communicated its apologies to its customers along with its belief that this is a non-threat.
"The possibility of this exploit taking place in a clinical setting is highly unlikely, as it requires a complex and an unlikely series of conditions," it said.
"We have been engaged with the FDA Center for Devices and Radiological Health and the U.S. Department of Homeland Security's Industrial Control System - Computer Emergency Response Team (ICS-CERT) to resolve this issue."
If you work in hospital IT and want to know more you can get all the details on the ICS-CERT page. Or you can wait until January 2018 when Smiths Medical will release a patch.
And, yep, it'll run Android rather than RiscOS
US engineering giant's cost-cutting outsourcing plan is on the rocks, according to insiders
HP Envy X2 laptop only affordable if you've got loadsamoney
Counterfeit code-signing certificates enabling hackers to hide malware being sold by cyber criminals
Certificates can be used as part of layered obfuscation to evade detection by anti-virus software