Threatpost’s Paul Roberts reports that the U.S. Department of Homeland Security is investigating the compromise of a Web site used to distribute software updates for vital medical equipment. The site, Roberts says, was blocked by Google after it was found to be “riddled with malware.”
“The site belongs to San Diego-based CareFusion Inc., a hospital equipment supplier,” Roberts writes. “The infected Web sites, which use a number of different domains, distribute firmware updates for a range of ventilators and respiratory products. Scans by Google’s Safe Browsing program in May and June found the sites were rife with malware. For example, about six percent of the 347 Web pages hosted at viasyshealthcare.com, a CareFusion Web site that is used to distribute software updates for the company’s AVEA brand ventilators, were found to be infected and pushing malicious software to visitors’ systems.”
“Google’s engines last appointed viasyshealthcare.com as containing malicious elements on June 13, but apparently the infection started at least 10 days before that,” notes Softpedia’s Eduard Kovacs.
“Vendors routinely install software updates for medical devices from the Internet or USB keys,” Medical Device Security Center co-director Kevin Fu explained in a June 8 blog post. “I’ve seen medical sales engineers download pacemaker-related software from the Internet. Today I tried to download a software update for CareFusion AVEA Ventilators. What I found may disturb hospital IT staff … When I clicked on the highlighted link for ‘AVEA Ventilator software update,’ a second dialog box popped up, ‘Warning: Visiting this site may harm your computer.'”