When we tell you about Internet security flaws, they're serious issues that need to be quickly addressed. For instance, if there's a newly discovered vulnerability that hackers can exploit, you want to know about that right away, so you can protect your devices and personal information.
However, there are even more serious situations, when it can mean the difference between life and death. Case in point: medical equipment that your doctors and nurses use to cure you of illness, or keep you alive.
The FDA a few months ago, for instance, issued a warning that hackers could remotely control infusion pumps that are used to continually give patients medication or nutrition. Now, cybersecurity experts are warning that they've discovered more than 1,400 vulnerabilities in CareFusion's Pyxis SupplyStations.
These are automated systems to dispense medical supplies, and keep real-time records of when they are dispensed. Worse, more than half those vulnerabilities are critical. In other words, hackers will basic computing skills can hack into these systems, and remotely take them over.
The affected devices are older and run on customized versions of Microsoft's Windows XP. The security flaws were found in Pyxis SupplyStations 8.0, 8.1.3, 9.0, 9.1, 9.2, and 9.3.
The systems still work well and may be too costly for some healthcare facilities to replace. If that's the case, its maker CareFusion has issued a recommendation.
"For customers not pursuing the remediation path of upgrading devices, CareFusion has provided compensating measures to help reduce the risk of exploitation," including: Take the system offline; use secure methods to connect, such as a Virtual Private Network (VPN); and monitor network traffic.