BD update on Heartbleed vulnerability
April 15, 2014
The U.S. Computer Emergency Readiness Team (US-Cert), a division of the U.S. Department of Homeland Security (DHS), recently released a security advisory about a serious vulnerability (CVE-2014-0160) in OpenSSL, a popular, open-source encryption service used to secure network and web communication. This security concern is widely known as the Heartbleed vulnerability.
The safety and security of our manufactured medical devices are not at risk by the Heartbleed vulnerability. BD takes product safety and security—along with all information security matters—very seriously. Once we became aware of the Heartbleed vulnerability, we immediately began investigating potential risks to our products and our customer-facing websites and related services.
We continue to monitor and investigate the situation and, as of April 15th, are confident that these customer-facing products and systems are secure and not affected by the Heartbleed vulnerability:
- Alaris™ PC unit
- Alaris Systems Manager software web clients
- Alaris Viewer Suite
- Axeda and Bomgar Remote Support Services (RSS) and access platforms for Alaris and Pyxis™ technologies
- CareFusion Coordination Engine
- BD Customer Portal, available for Pyxis technologies customers at cp.carefusion.com
- Knowledge Portal analytics solutions for infusion technologies, Pyxis medication and supply technologies, and ventilator therapy
- MedMined® Surveillance Advisor
- Pyxis technologies
- Respiratory diagnostics products
- The StartClean cleansing program patient reminder, at startcleanreminder.com/Pages/PatientReminder
- The supplier and distributor communication portal, at vision.carefusion.com
- Teamviewer RSS for ventilation technologies
BD continues to investigate the matter and monitor the situation closely. We will update this page with additional, relevant information as it becomes available.