New Report: Medical Health Care Organizations Highly Vulnerable Due to Improper De-acquisition Processes

Medical infusion pumps that are readily available on the secondary market are being improperly de-acquisitioned, leaving behind important data that could be used to access medical networks and retrieve critical identifiable information. In this report, Principal Security Researcher, Deral Heiland, tears down more than 13 commercially available infusion pumps discovering serious deficiencies in security processes.

Here’s what we found:

  • Articulates the physical and technical examination of 13 medical infusion pumps that were de-acquisitioned and sold on the secondary market such as eBay.

  • Shows that on at least eight of these pumps, wireless authentication data for the organizations that previously owned the pumps was still readily available.

  • Argues for a more comprehensive and systematic process for de-acquisitioning medical infusion pumps to better protect network access points and important patient information.

Read The Report

Rapid7 is trusted by over 11,000 customers