« Information Technology
  

3,000 Hospitals Vulnerable Due to Pneumatic Tube Flaws

80 percent of hospitals in North America use system

By Chris Miller, Assistant Editor, Facility Market


Vulnerabilities have been discovered in a pneumatic tube system used by more than 3,000 hospitals worldwide, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The report referred to nine critical weaknesses in the tube systems that allow for a complete cyber hijacking of the translogic nexus control panel, which powers the systems created by Swisslog Healthcare. More than 80 percent of hospitals in North America use the system, according to Xtelligent Healthcare Media. Pneumatic tube systems play a critical role in patient care to deliver medications, blood products, and various lab samples across multiple departments. 

A vulnerability could let in complex ransomware attacks while allowing attackers to leak sensitive hospital information. The vulnerabilities in the system, which are called PwnedPiper, can be taken advantage of to access a hospital’s network and take over Nexus control panel stations without proper verification. There has not been any evidence that cyber attackers have abused these newfound vulnerabilities.

Researchers from Armis, a California-based security vendor, found these vulnerabilities and reported them to Swisslog Healthcare on May 1, according to Becker’s Hospital Review. CISA is encouraging all hospitals with this system to take immediate defensive measures against potential cyber attacks. 

Armis gave several examples of the tube systems features and how they could be hacked.

First, the system allows for the authentication of staff members using their RFID cards, and this puts staff records and credentials at risk to potential cyber attackers if the system were to be compromised.

Second, the system supports variable speed transactions which allow for express shipment of more urgent items in one respect, and in another allow for the slow transfer of sensitive items like blood products. If an attacker infiltrated the system, he or she could alter its speed restrictions, which could then damage sensitive items.

Third, the pneumatic tube system has an alert messaging feature that integrates with hospital communications, enabling the notification and tracking of delivered carriers. If an attacker were to exploit this feature, he or she could interfere with the hospital’s workflows.



August 9, 2021


Topic Area: Information Technology

Recent Posts

What 'Light' Daily Cleaning of Patient Rooms Misses

Most environmental services workers still clean as if they were wiping dust off a countertop, not disrupting a living, structured community.

Sprinkler Compliance: Navigating Code Mandates, Renovation Triggers and Patient Safety

As CMS deadlines approach and renovation projects accelerate, healthcare facility managers must understand how NFPA 101, state fire codes and sprinkler design strategies intersect.

MUSC Board of Trustees Approves $1.1B South Carolina Cancer Hospital

Research and education are intentionally embedded in the hospital’s design, with dedicated spaces for scientific collaboration, clinical investigation and training.

Study Outlines Hand Hygiene Guidelines for EVS Staff

Researchers find that current guidelines for hand hygiene don’t include EVS workers and suggest indicators to fill that gap.

McCarthy Completes $65M Sharp Rees-Stealy Kearny Mesa MOB Modernization

The completed tenant improvement includes approximately 100,000 square feet of improved space across two buildings and represents an investment of $65 million.

 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.