Nine critical vulnerabilities in a popular hospital pneumatic tube software could enable hackers to take control of systems and launch a range of attacks.
Researchers at security platform provider Armis unearthed the flaws and dubbed them PwnedPiper. They found the vulnerabilities in the Nexus Control Panel, which powers all current models of Translogic’s pneumatic tube system (PTS) stations by Swisslog Healthcare.
This technology is a critical piece of health care infrastructure used in more than 3,000 hospitals worldwide. The tubes deliver medication, blood, and lab samples across multiple departments of a hospital.
Researchers noted the tube systems are connected to the internet but "despite the prevalence of these systems, and the reliance of hospitals on their availability to deliver care, the security of these systems has never been thoroughly analyzed or researched."
According to researchers, these flaws could let hackers take over PTS stations and gain full control over the target hospital’s tube network. In turn, an attacker could launch a denial-of-service on critical infrastructure or man-in-the-middle attacks, resulting in deliberate sabotage of the hospital’s workings.
"Understanding that patient care depends not only on medical devices, but also on the operational infrastructure of a hospital is an important milestone to securing healthcare environments," said Nadir Izrael, co-founder and CTO at Armis.
Five of the vulnerabilities in PwnedPiper allow remote code execution, which hackers could use to access a hospital network and then take over Nexus stations.
RELATED RESOURCE
X-Force Threat Intelligence Index
Top security threats and recommendations for resilience
By compromising a Nexus station, an attacker can carry out reconnaissance, including harvesting data from the station, such as RFID credentials of any employee who uses the PTS system, details about each station’s functions or location, and the physical layout of the PTS network.
From there, hackers can take over all Nexus stations in the tube network and possibly launch a ransomware attack.
Armis said it disclosed the vulnerabilities to Swisslog in early May and has been working with the manufacturer to test the available patch and ensure proper security measures will be provided to customers. Swisslog Healthcare has released a security advisory today.
Researchers said while such an attack may ultimately be remediated with manual firmware upgrades of all compromised stations, such a process will take considerable time and effort.
“Hospitals don’t necessarily have any contingency in place to handle a prolonged shutdown of the PTS system, which ultimately may translate to harm to patient care,” said researchers.
-
Trump's AI executive order could leave US in a 'regulatory vacuum'News Citing a "patchwork of 50 different regulatory regimes" and "ideological bias", President Trump wants rules to be set at a federal level
-
TPUs: Google's home advantageITPro Podcast How does TPU v7 stack up against Nvidia's latest chips – and can Google scale AI using only its own supply?
-
Security experts claim the CVE Program isn’t up to scratch anymore — inaccurate scores and lengthy delays mean the system needs updatedNews CVE data is vital in combating emerging threats, yet inaccurate ratings and lengthy wait times are placing enterprises at risk
-
IBM AIX users urged to patch immediately as researchers sound alarm on critical flawsNews Network administrators should patch the four IBM AIX flaws as soon as possible
-
Critical Dell Storage Manager flaws could let hackers access sensitive data – patch nowNews A trio of flaws in Dell Storage Manager has prompted a customer alert
-
Flaw in Lenovo’s customer service AI chatbot could let hackers run malicious code, breach networksNews Hackers abusing the Lenovo flaw could inject malicious code with just a single prompt
-
Industry welcomes the NCSC’s new Vulnerability Research Initiative – but does it go far enough?News The cybersecurity agency will work with external researchers to uncover potential security holes in hardware and software
-
US healthcare firm postponed procedures after cyber attack knocked systems offlineNews The incident at Kettering Health disrupted procedures for patients
-
US healthcare data breaches are out of control – over 400 million patient records have been exposed in the last two yearsNews There's been a huge surge in the number of healthcare data breaches in recent years
-
More than 5 million Americans just had their personal information exposed in the Yale New Haven Health data breach – and lawsuits are already rolling inNews A data breach at Yale New Haven Health has exposed data belonging to millions of people – and lawsuits have already been filed.
