There have been two ICS Medical Advisories for Baxter products from the Cybersecurity and Infrastructure Security Agency (CISA). Credit: JHVEPhoto via Shutterstock.
The US Department of Health and Human Services’ Health Sector Cyber Coordination Center has warned healthcare entities about serious security issues in two medical device products from Baxter, namely the Baxter Welch Allyn Configuration Tool and the Baxter Welch Allyn Connex Spot Monitor (CSM).
This follows two ICS Medical Advisories for Baxter products from the Cybersecurity and Infrastructure Security Agency (CISA), denoting a “high” risk associated with the flaws. If someone takes advantage of these flaws, they could gain access to sensitive information such as passwords or change important settings and software on the devices. This tampering could compromise the devices and disrupt patient care.
The first vulnerability, CWE-522, involves the insecure handling of passwords, making them easy targets for hackers. The second, CWE-1394, involves using preset encryption keys that, if not changed, can lead to easy system breaches. Baxter advises that any passwords used with the configuration tool should be changed immediately to prevent potential problems.
Although no attacks have been reported yet, Baxter plans to release a fix for this problem by Q3 2024. CISA said that the Welch Allyn Configuration Tool has been removed from public access. The Baxter Welch Allyn CSM is a device used to measure and monito.
