CareFusion Pyxis Homeland Security Alert

On March 29, 2016, the US Department of Homeland Security issued an Advisory regarding the Carefusion Pyxis SupplyStation System Vulnerabilities that would only require an attacker with low skills.  Specific mitigations listed in the Advisory include:

  • Isolate affected products from the Internet and untrusted systems; however, if additional connectivity is required, use a VPN solution.
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.
  • Monitor and log all network traffic attempting to reach the affected products for suspicious activity.
  • Close all unused ports on affected products.
  • Locate medical devices and remote devices behind firewalls, and isolate them from the business network.
  • Work with local team to ensure all Microsoft patching and ESET virus definitions are up to date. A Security Module for automated WSUS patching and virus definition management is provided to all accounts. SupplyStations Version 8 and Version 9 have been upgraded to ESET.
  • If pcAnywhere is used and has not been upgraded to Version 12.5 Service Pack 4, contact CareFusion’s Customer Support to schedule an upgrade or to have it removed.
  • Use the extended password feature configured for strong passwords, enable the password history tracking feature, and set user passwords to expire according to site policy.

You can see the Advisory at this link:  US Homeland Security Advisory (ICSMA-16-089-01)

Upcoming Training

62304, FDA, and Emerging Standards for Medical Device and HealthIT
Instructors:  Brian Pate, John F. Murray, Jr
Location: Sunnyvale, CA, USA
Dates:  February 4-6, 2020
Registration Link

Receive $300 discount with Premium-Individual subscription purchase (or $333 per person for Premium-Company subscription)!  Email training@softwarecpr.com
to receive discount

QSS Software Validation
Planned Instructors:  Brian Pate, John F. Murray, Jr
Location: Boston, MA, USA
Dates:  June 2-4, 2020
For info on this course, email training@softwarecpr.com

Corporate Office

15148 Springview St
Tampa, FL 33624
USA
+1-781-721-2921
Partners located in the US (CA, FL, MA, MN) and Italy.