Threatpost – (National; California) Software update site for hospital respirators found riddled with malware. A website used to distribute software updates for a wide range of medical equipment has been blocked by Google after it was found to be riddled with malware and serving up attacks, Threatpost reported June 14. The site belongs to San Diego-based CareFusion Inc., a hospital equipment supplier. The infected websites, which use many different domains, distribute firmware updates for a range of ventilators and respiratory products. Scans by Google's Safe Browsing program in May and June found the sites were rife with malware. About 6 percent of the 347 webpages hosted at Viasyshealthcare(dot)com, a CareFusion website used to distribute software updates for the company's AVEA brand ventilators, were found to be infected and pushing malicious software to visitors' systems. The software downloaded from Viasyshealthcare(dot)com included 48 Trojan horse programs and 2 scripting exploits, according to a review of the Google Safe Browsing report by Threatpost. Another domain, sensormedics(dot)com, which supports CareFusion's VELA brand ventilators, was also found to be serving "content that resulted in malicious software being downloaded and installed without user consent," according to a June 13 scan by Google's Safe Browsing crawler. CareFusion removed links to the infected websites hosting software updates for the respirators from its Product Support page. However, the company still offered links for parts and supplies for CareFusion's 3100A High Frequency Oscillatory Ventilator and LTV series ventilators that were likewise infected, according to Google.
Ali Loney is a Senior UX Designer at Walmart Labs. She is based in Canada and was the former Graphic Designer at Sonatype.
Explore All Posts by Ali Loney
Discover a Better Way to SCA
Forrester evaluated 10 SCA providers and recognized Sonatype with the highest possible scores. Learn why Sonatype was named a leader in Forrester Wave™ for SCA.
