BD is currently monitoring the Meltdown and Spectre vulnerabilities. While these vulnerabilities are hardware-based, they impact multiple operating systems. A flaw in computer chips could allow malicious software to gain access into other processes and data on any impacted computer or server, including cloud applications. These vulnerabilities are not exclusive to BD or medical devices. It potentially affects every computer and/or device with a computer processor unit (CPU).
BD has assessed these vulnerabilities and identified the risk to have a low-impact. Any attack would require local or physical access, the difficulty in exploiting these vulnerabilities is high and the vulnerabilities do not have the potential to corrupt, modify, or delete data.
As a result of these events, BD recommends the following for systems with a vulnerable processor and an unpatched operating system with any form of network connectivity to minimize risk and impact:
Ensure the following patches have been applied to your devices:
Note: Intel™ has released a statement noting these exploits do not have the potential to corrupt, modify or delete data.
Customers that maintain patches independent of BD automated delivery should ensure these actions are performed as the acting responsible entity in order to maintain the correct security posture of the system(s).
BD has provided the list below in order to better help our customers identify any BD products with a computer chip that has the potential to be vulnerable to these threats. The list below of BD products is currently dynamic and will be updated as we complete analysis of products in scope.
Note: This list provided above does not indicate the patch or device status. The intended use of these products does not include email and/or internet browsing. BD is determining compensating controls and prioritizing patch validation and impact for all hosted solutions, including MedMinded and Knowledge Portal.
For product or site-specific concerns, contact your BD service representative. We will update this communication as new information becomes available.
For procedures specific to your product, contact your BD service representative. If you observe symptoms of a ransomware attack, disconnect your system from the network and contact your BD service representative and/or BD Product Security at ProductSecurity@bd.com.