CareFusion Pyxis Homeland Security Alert

On March 29, 2016, the US Department of Homeland Security issued an Advisory regarding the Carefusion Pyxis SupplyStation System Vulnerabilities that would only require an attacker with low skills.  Specific mitigations listed in the Advisory include:

  • Isolate affected products from the Internet and untrusted systems; however, if additional connectivity is required, use a VPN solution.
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.
  • Monitor and log all network traffic attempting to reach the affected products for suspicious activity.
  • Close all unused ports on affected products.
  • Locate medical devices and remote devices behind firewalls, and isolate them from the business network.
  • Work with local team to ensure all Microsoft patching and ESET virus definitions are up to date. A Security Module for automated WSUS patching and virus definition management is provided to all accounts. SupplyStations Version 8 and Version 9 have been upgraded to ESET.
  • If pcAnywhere is used and has not been upgraded to Version 12.5 Service Pack 4, contact CareFusion’s Customer Support to schedule an upgrade or to have it removed.
  • Use the extended password feature configured for strong passwords, enable the password history tracking feature, and set user passwords to expire according to site policy.

You can see the Advisory at this link:  US Homeland Security Advisory (ICSMA-16-089-01)

Remote Webmeeting Assessments

SoftwareCPR can provide remote offsite assessments to support virtual offices.  Our consultants can utilize webmeeting tools to walk your teams through assessments such as:

  • 62304 compliance
  • Regulatory submission pre-review
  • Software risk analysis
  • Cybersecurity process and validation
  • Overall ISO 14971 risk management
  • Overview of software regulation with John Murray

for more info!

Corporate Office

15148 Springview St
Tampa, FL 33624
Partners located in the US (CA, FL, MA, MN) and Italy.