Medical infusion pumps that are readily available on the secondary market are being improperly de-acquisitioned, leaving behind important data that could be used to access medical networks and retrieve critical identifiable information. In this report, Principal Security Researcher, Deral Heiland, tears down more than 13 commercially available infusion pumps discovering serious deficiencies in security processes.
Here’s what we found:
Articulates the physical and technical examination of 13 medical infusion pumps that were de-acquisitioned and sold on the secondary market such as eBay.
Shows that on at least eight of these pumps, wireless authentication data for the organizations that previously owned the pumps was still readily available.
Argues for a more comprehensive and systematic process for de-acquisitioning medical infusion pumps to better protect network access points and important patient information.