The bug affects Pyxis ES versions 1.3.4 to 1.6.1 and Pyxis Enterprise Server with Windows versions 4.4 through 4.12.
Becton Dickinson said the vulnerability allowed a hacker or unauthorized party to use the credentials of a previous user to gain entry into the device, the HIPAA Journal reports. Hospitals that do not leverage the device’s Active Directory domain are not affected.
After reporting the vulnerability to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the flaw was given a 7.6 score out of 10. This was because the bug can be remotely exploitable with a low level of skill.
Becton Dickinson has released a patch for the vulnerability. The company said only a limited number of hospitals will be affected, reports the HIPAA Journal.
More articles on cybersecurity:
Allegheny Health Network warns patients of ‘phone number spoofing’
MUSC Health nurse posted unauthorized photo of infant patient on social media
14 healthcare privacy incidents in August