TMCnet News
Armis Identifies Nine Vulnerabilities in Critical Infrastructure Used by Over 80% of Major Hospitals in North AmericaPALO ALTO, Calif., Aug. 02, 2021 (GLOBE NEWSWIRE) -- Researchers at Armis, the unified asset visibility and security platform provider, have today announced the discovery of nine critical vulnerabilities in the Nexus Control Panel, which powers all current models of Translogic’s pneumatic tube system (PTS) stations by Swisslog Healthcare. The Translogic PTS system is a critical infrastructure for healthcare used in more than 3,000 hospitals worldwide. The system is responsible for delivering medications, blood products, and various lab samples across multiple departments of a hospital. The discovered vulnerabilities can enable an unauthenticated attacker to take over PTS stations and gain full control over the tube network of a target hospital. This type of control could enable sophisticated ransomware attacks that can range from denial-of-service of this critical infrastructure to full-blown man-in-the-middle attacks that can alter the paths of the networks’ carriers, resulting in deliberate sabotage of the workings of the hospital. Modern PTS systems are IP-connected, and offer advanced features, but, despite the prevalence of these systems, and the reliance of hospitals on their availability to deliver care, the security of these systems has never been thoroughly analyzed or researched. “This research sheds light on systems that are hidden in plain sight but are nevertheless a crucial building block to modern-day healthcare,” said Nadir Izrael, co-founder and CTO at Armis. “Understanding that patient care depends not only on medical devices, but also on he operational infrastructure of a hospital is an important milestone to securing healthcare environments.” How Could PwnedPiper Be Used? “Armis disclosed the vulnerabilities to Swisslog on May 1, 2021, and has been working with the manufacturer to test the available patch and ensure proper security measures will be provided to customers,” said Ben Seri, Armis VP of Research, who leads the team that discovered the vulnerabilities. “With so many hospitals reliant on this technology we’ve worked diligently to address these vulnerabilities to increase cyber resiliency in these healthcare environments, where lives are on the line.” Ben Seri and Barak Hadad will present their research on PwnedPiper at this year’s Black Hat USA on Wednesday, August 4th, and Thursday, August 5th. You can find more details here. For more information, Armis has published a detailed blog to help hospitals navigate the vulnerability at https://www.armis.com/pwnedpiper. For additional information from Swisslog Healthcare, please see the following security advisory here. About Armis Media Contact: |