CareFusion Hit By Possible Cyber Attack
The company may have been the target of a cyber attack that lasted more than two months and compromised customers that downloaded software updates for its medical device products.
June 19, 2012
CareFusion may have been the target of a cyber attack that lasted more than two months and compromised customers that downloaded software updates for its medical device products.
According to the IT security news service Threatpost, data from the Clean MX virus database show viasyshealthcare.com, a CareFusion-owned site that distributes software for its infusion pumps and ventilation and respiratory products, sent visitors to a site that could have infected them with malicious software from March 23, 2012 to May 31. The breach was discovered when an assistant professor at the University of Massachusetts, Amherst, alerted the company, DHS, and FDA after receiving a warning message when trying to access the site, according to Threatpost.
It is not yet known how many CareFusion customers might have been affected by the attack, but DHS is working with the company to remedy the situation, according to the news service. The cause of the attack is also undetermined, though Threatpost reports that DHS determined that CareFusion's failure to keep up with software updates might have contributed.
Threatpost reported that the viasyshealthcare.com site was down Monday afternoon, and it is still unavailable Tuesday around 2 p.m. EST.
Medical device security has been a hot topic ever since Jay Radcliffe hacked his insulin pump on stage at the Black Hat security conference last year. The act spurred a response from Medtronic, the maker of the pump; calls by members of Congress for an investigation; and scrutiny of device security in the media.
Looks like it's about to come into the spotlight again.
—Jamie Hartford is the associate editor of MD+DI and the managing editor of MED. Follow her on Twitter @readMED.
You May Also Like