PwnedPiper flaws threaten infrastructure of 80% of US hospitals
Pneumatic tube systems could be hacked, putting patients at risk
Nine critical vulnerabilities in a popular hospital pneumatic tube software could enable hackers to take control of systems and launch a range of attacks.
Researchers at security platform provider Armis unearthed the flaws and dubbed them PwnedPiper. They found the vulnerabilities in the Nexus Control Panel, which powers all current models of Translogic’s pneumatic tube system (PTS) stations by Swisslog Healthcare.
This technology is a critical piece of health care infrastructure used in more than 3,000 hospitals worldwide. The tubes deliver medication, blood, and lab samples across multiple departments of a hospital.
Researchers noted the tube systems are connected to the internet but "despite the prevalence of these systems, and the reliance of hospitals on their availability to deliver care, the security of these systems has never been thoroughly analyzed or researched."
According to researchers, these flaws could let hackers take over PTS stations and gain full control over the target hospital’s tube network. In turn, an attacker could launch a denial-of-service on critical infrastructure or man-in-the-middle attacks, resulting in deliberate sabotage of the hospital’s workings.
"Understanding that patient care depends not only on medical devices, but also on the operational infrastructure of a hospital is an important milestone to securing healthcare environments," said Nadir Izrael, co-founder and CTO at Armis.
Five of the vulnerabilities in PwnedPiper allow remote code execution, which hackers could use to access a hospital network and then take over Nexus stations.
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
RELATED RESOURCE
X-Force Threat Intelligence Index
Top security threats and recommendations for resilience
By compromising a Nexus station, an attacker can carry out reconnaissance, including harvesting data from the station, such as RFID credentials of any employee who uses the PTS system, details about each station’s functions or location, and the physical layout of the PTS network.
From there, hackers can take over all Nexus stations in the tube network and possibly launch a ransomware attack.
Armis said it disclosed the vulnerabilities to Swisslog in early May and has been working with the manufacturer to test the available patch and ensure proper security measures will be provided to customers. Swisslog Healthcare has released a security advisory today.
Researchers said while such an attack may ultimately be remediated with manual firmware upgrades of all compromised stations, such a process will take considerable time and effort.
“Hospitals don’t necessarily have any contingency in place to handle a prolonged shutdown of the PTS system, which ultimately may translate to harm to patient care,” said researchers.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.
-
AWS hits back at EU cloud 'gatekeeper' designation hintsNews Gatekeeper designation under the legislation would force AWS and Microsoft to make concessions
-
Is the Top500 meaningless? Not so, says US national laboratory CTOIn-depth LINPACK may measure only one process, but there are real and meaningful use cases for exascale systems
-
OpenAI expands 'Daybreak' cyber program: New tools, partnerships, and a cyber-focused GPT-5.5 aim to help 'patch the world'News The company has added new tools, signed up partners, and released its GPT-5.5-Cyber model more widely
-
AI is shrinking attack windows, and it’s forcing a complete rethink of cyber resilience – here’s how organizations can prepareNews Commvault has urged companies to improve their business continuity and resilience plans in the face of flaws spotted by AI
-
Anthropic targets vulnerability detection gains with Claude Security public beta — here's what users can expectNews The Claude Mythos developer is aiming for a more limited approach to cyber tooling for public consumption
-
Researchers warn millions of RDP and VNC servers are wide open to exploitationNews Researchers at Forescout spotted millions of RDP and VNC servers exposed online
-
Brace yourselves for a vulnerability explosion, Forescout warnsNews AI advances are helping identify software flaws at record pace and scale, but that's not the good news some would think
-
Ubuntu vulnerability exposes enterprises to root escalation, complete system compromiseNews The high-severity Ubuntu vulnerability allows an unprivileged local attacker to escalate privileges through the interaction of two standard system components
-
Security agencies issue warning over critical Cisco Catalyst SD-WAN vulnerabilityNews Threat actors have been exploiting the vulnerability to achieve root access since 2023
