The US Department of Health and Human Services’ Health Sector Cyber Coordination Center has warned healthcare entities about serious security issues in two medical device products from Baxter: the Baxter Welch Allyn Configuration Tool and the Baxter Welch Allyn Connex Spot Monitor (CSM).

This follows two ICS Medical Advisories for Baxter products from the Cybersecurity and Infrastructure Security Agency (CISA), denoting a “high” risk associated with the flaws. If someone takes advantage of these flaws, they could gain access to sensitive information such as passwords or change important settings and software on the devices. This tampering could compromise the devices and disrupt patient care.  

The first vulnerability, classified as CWE-522, involves the insecure handling of passwords, making them easy targets for hackers. The second, classified as CWE-1394, involves the use of preset encryption keys that, if not changed, can lead to easy system breaches.

Baxter advises that any passwords used with the configuration tool should be changed immediately to prevent potential problems. Although no attacks have been reported yet, Baxter plans to release a fix for this problem by Q3 2024. CISA said that the Welch Allyn Configuration Tool has been removed from public access.

The Baxter Welch Allyn CSM is a device used to measure and monitor patients’ vital signs, including blood pressure, temperature, and pulse rate in a clinical setting. The configuration tool is a software tool used to set up and manage Welch Allyn medical devices.  

In September 2022, cybersecurity software developer Rapid7 discovered multiple potential vulnerabilities in Baxter’s Sigma Spectrum infusion pumps. The security flaws included a lack of encryption, potential network disruption, and wireless battery modules that could have been breached remotely, allowing hackers to access sensitive patient data or alter device settings.

Cybercrime involving hospitals and healthcare has been on the rise over the past decade. A report issued by the US Federal Bureau of Investigation (FBI) found that in 2022 there were 210 ransomware attacks on healthcare facilities, with the overall rate of cyberattacks in 2023 doubling from 2021. According to a report on GlobalData’s Medical Intelligence Center, the global cybersecurity market is forecast to be worth $334bn by 2030, having grown at a compound annual growth rate (CAGR) of 10% between 2022 and 2030. 

Investing in cybersecurity measures is the best way for medical device companies to defend themselves against cyber threats, according to GlobalData analyst Alexandra Murdoch.