Google’s Safe Browsing has revealed that a number of websites owned by CareFusion Inc, a company from San Diego that supplies hospital equipment, have been listed for suspicious activity.
While at first glance this may not seem such a big deal, according to Threatpost, the affected websites, including viasyshealthcare.com, are used to distribute firmware updates for medical devices such as respirators and ventilators.
Now, the Department of Homeland Security (DHS) is trying to find out how 20 of the 347 webpages ended up hosting 48 Trojans and 3 scripting exploits. However, initial analysis has shown that the company is still relying on old versions of IIS and ASP.NET.
Google’s engines last flagged viasyshealthcare.com as containing malicious elements on June 13, but apparently the infection started at least 10 days before that.
On June 8, Kevin Fu posted an advisory on the Medical Device Security Center blog, recommending that everyone refrain from downloading software from the site after Google had warned him of suspicious activity.
“Today I tried to download a software update for CareFusion AVEA Ventilators. What I found may disturb hospital IT staff,” wrote Fu, a professor at the University of Massachusetts.
“When I clicked on the highlighted link for ‘AVEA Ventilator software update,’ a second dialog box popped up, ‘Warning: Visiting this site may harm your computer.’,” he added.
He attempted to contact the company but was unsuccessful, so he tried to report his findings to the U.S. Federal Food and Drug Administration (FDA), which, unfortunately, doesn’t handle cybersecurity reports separately.
“The NIST Information Security and Privacy Advisory Board points out that current medical device reporting methods are not designed to capture indicators of medical device cybersecurity problems. It's a systemic problem of both government and industry, and is not unique to CareFusion,” Fu noted.
At press time, Google’s Safe Browsing listed the www.viasyshealthcare.com website as safe.