The U.S. Computer Emergency Readiness Team (US-Cert), a division of the U.S. Department of Homeland Security (DHS), recently released a security advisory about a serious vulnerability (CVE-2014-0160) in OpenSSL, a popular, open-source encryption service used to secure network and web communication. This security concern is widely known as the Heartbleed vulnerability.
The safety and security of our manufactured medical devices are not at risk by the Heartbleed vulnerability. BD takes product safety and security—along with all information security matters—very seriously. Once we became aware of the Heartbleed vulnerability, we immediately began investigating potential risks to our products and our customer-facing websites and related services.
We continue to monitor and investigate the situation and, as of April 15th, are confident that these customer-facing products and systems are secure and not affected by the Heartbleed vulnerability:
BD continues to investigate the matter and monitor the situation closely. We will update this page with additional, relevant information as it becomes available.