Armis: Health Care Cybersecurity Vulnerabilities Threaten Most Hospitals

More than 3,000 hospitals globally use the Translogic PTS system.

Edward Gately, Senior News Editor

August 2, 2021


Armis has made a chilling discovery: nine health care cybersecurity vulnerabilities in critical infrastructure used by more than 80% of major hospitals in North America.

The vulnerabilities are in the Nexus Control Panel, which powers all models of Translogic’s pneumatic tube system (PTS) stations by Swisslog Healthcare. More than 3,000 hospitals globally use the Translogic PTS system.

The system is responsible for delivering medications, blood products and various lab samples across multiple departments of a hospital.

Swisslog should release a patch on Monday to resolve all but one of the health care cybersecurity vulnerabilities. It will address the remaining vulnerability in future releases.

Big Danger to Hospitals

Ben Seri is vice president of research at Armis. He said the vulnerabilities “absolutely” pose a danger to hospitals.


“These vulnerabilities can enable an unauthenticated attacker to take over Translogic PTS stations and essentially gain complete control over the PTS network of a target hospital,” he said. “This type of control could enable sophisticated and worrisome ransomware attacks, as well as allow attackers to leak sensitive hospital information. Compromising the PTS network can allow an attacker to control the paths of the carriers’ transactions and alter the requested destinations of the carriers when a transaction request is sent to the PTS network’s central server. And by acting as a man-in-the-middle, [they] can harvest sensitive information such as hospital personnel credentials.”

An attacker could take over all Nexus stations in the tube network, and hold them hostage in a sophisticated ransomware attack.

Jennie McQuade is Swisslog Healthcare’s chief privacy officer. She said the vulnerabilities only exist when a combination of variables exists. For example, an attacker who has access to the facility’s IT network could cause additional damage by leveraging these exploits.

Existing Security Measures Not Enough

Existing security measures aren’t designed to protect this infrastructure or identify these types of attacks, Seri said. Those include traditional endpoint protection and network security.

“Other than the specific steps outlined in our report, hardening the access to sensitive systems such as PTS solutions, through the use of network segmentation, and limiting access to such devices through strict firewall rules including disabling telnet ports, is always a good practice that should be in use,” he said. “Understanding that patient care depends not only on medical devices, but also on the operational infrastructure of a hospital is an important milestone to securing health care environments.”

Patching the vulnerable Translogic PTS stations is essential, Seri said.

“While a hospital could shut down Swisslog software and operate manually for a short while, this wouldn’t fix the problem. Attackers could launch a persistent attack and stay on the firmware,” he said.

Fixing the issue requires uploading fresh code, Seri said.


About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
