Threatpost – (National; California) Software update site for hospital respirators found riddled with malware. Google blocked a website used to distribute software updates for a wide range of medical equipment after it was found to be riddled with malware and serving up attacks, Threatpost reported June 14. The site belongs to San Diego-based CareFusion Inc., a hospital equipment supplier. The infected websites, which use many domains, distribute firmware updates for various ventilators and respiratory products. Scans by Google's Safe Browsing program in May and June found the sites were rife with malware. About 6 percent of the 347 webpages hosted at Viasyshealthcare(dot)com, a CareFusion website used to distribute software updates for the company's AVEA brand ventilators, were infected and pushing malicious software to visitors' systems. The software downloaded from Viasyshealthcare(dot)com included 48 Trojan horse programs and 2 scripting exploits, according to a review of the Google Safe Browsing report by Threatpost. Another domain, sensormedics(dot)com, which supports CareFusion's VELA brand ventilators, was also found to serve "content that resulted in malicious software being downloaded and installed without user consent," according to a June 13 scan by Google's Safe Browsing crawler. CareFusion removed links to the infected websites hosting software updates for the respirators from its Product Support page. However, the company still offered links for parts and supplies for CareFusion's 3100A High Frequency Oscillatory Ventilator and LTV series ventilators that were also infected, according to Google.
Ali Loney is a Senior UX Designer at Walmart Labs. She is based in Canada and was the former Graphic Designer at Sonatype.
Explore All Posts by Ali LoneyTags
Discover a Better Way to SCA
Forrester evaluated 10 SCA providers and recognized Sonatype with the highest possible scores. Learn why Sonatype was named a leader in Forrester Wave™ for SCA.