A PTS system used by over 80% of major hospitals in North America features as many as nine critical vulnerabilities that can allow attackers to conduct man-in-the-middle attacks and denial-of-service attacks.
The vulnerabilities were discovered by security platform provider Armis in the Nexus Control Panel which powers all current models of Translogic pneumatic tube system (PTS) stations by Swisslog Healthcare. The PTS system is used by more than 3,000 hospitals worldwide, including more than 80% of major hospitals in North America.
TransLogic Pneumatic Tube Systems (PTS), which are offered by Swisslog Healthcare to hospitals worldwide, helps automate many repetitive tasks performed by hospital personnel, thereby enabling them to devote more time to patient-facing activities and adding security and efficiency to hospital operations.
These PTS systems are custom-made for hospitals and handle over 10,000 transactions per day, thereby delivering efficiencies through automated material transport. They are widely used for transporting sensitive materials such as lab specimens, blood products, pathology lab tests, medications, and more.
Security firm Armis, which specializes in offering unified asset visibility and security platforms, recently discovered nine critical vulnerabilities in a control panel that powers all models of the TransLogic PTS system. The firm said that the class of vulnerabilities, dubbed PwnedPiper, allow for complete take over of the Translogic Nexus Control Panel as well as older IP-connected Translogic stations.
Noting that the Translogic PTS system is an advanced system that integrates with other hospital systems, Armis said that if the system is compromised, an attacker can also gain access to or manipulate information exchanges between various systems, thereby compromising sensitive patient and employee data.
Following are the ways hackers can exploit advanced features in the PTS system:
- The system has a Secure Transfers functionality that ensures that carriers are released to certain employees only when they present their RFID card and/or password. Hackers can access RFID data and associated passwords after compromising the system.
- After compromising a system, a hacker can control the speed of transactions or even stop express shipment of urgent items. They may also increase the transfer speed of blood products to damage them.
- A hacker can interfere with the hospital’s workflows by abusing communications between the compromised system and a hospital’s communication solutions.
“This research sheds light on systems that are hidden in plain sight but are nevertheless a crucial building block to modern-day healthcare. Understanding that patient care depends not only on medical devices, but also on the operational infrastructure of a hospital is an important milestone to securing healthcare environments,” said Nadir Izrael, co-founder and CTO at Armis.
Soon after the vulnerabilities were made public, Swisslog Healthcare issued a statement to confirm the report, stating that the vulnerabilities were associated with the HMI-3 circuit board inside NexusTM Panels when connected using an Ethernet connection.
“The potential for pneumatic tube stations (where the firmware is deployed) to be compromised is dependent on a bad actor who has access to the facility’s information technology network and who could cause additional damage by leveraging these exploits,” said Jennie McQuade, Chief Privacy Officer.
The healthcare solutions provider said that after learning about the vulnerabilities from Armis, it confirmed the identity of potentially affected files and versions, evaluated the firmware to assess the vulnerabilities and their implications, replicated vulnerabilities in the test lab environment, developed solutions to address the identified vulnerabilities, and initiated customer contact to offer mitigation strategies and support for onsite IT security teams.
To strengthen the security of its products, the firm is also analyzing its software code from time to time, conducting patching and testing of operating system compatibility, evaluating product line enhancements, collaborating with reputable third-party researchers, and ensuring external audits of product, service, and security practices.
Image Source: Swisslog Healthcare