There are no software updates or patches available to address this issue. This is a security concern because the unencrypted data on the WBM is a potential target for an attacker. The unencrypted WBM data can be stolen and used to extract network credentials and PHI from the network. There are no known mitigations available to prevent this from happening. Combining a WBM with a Spectrum pump that uses auto-programming, results in WBM data that is unencrypted and potentially vulnerable to an attacker.
Cisco Security guideline for WBI
There are no known mitigations available to prevent this from happening. Combining a WBM with a Spectrum pump that uses auto-programming, results in WBM data that is unencrypted and potentially vulnerable to an attacker. There are two ways to address this issue:
1. A software update or patch will be released shortly addressing the vulnerability.
2. Customers can disable auto-programming on the pump and manually program it for each patient as needed.
How to Protect Against Unencrypted WBM Data Leakage
Mitigating the risk of unencrypted WBM data leakage is difficult because it requires a complete change in the way that people use Spectrum pumps and WBM. The solution is to switch to an encrypted pump where the WBM data is not transmitted in clear text or using auto-programming. Spectrum provides this option as part of their software update for all customers who own a WBM with a Spectrum pump installed.
Timeline
Published on: 09/09/2022 15:15:00 UTC
Last modified on: 09/15/2022 16:46:00 UTC