BD is committed to providing safe and secure products to our customers given the important benefits they provide to patient health. We value the confidentiality, integrity and availability of all protected health and personally identifiable information (e.g., PHI, PII) in accordance with all applicable federal and state privacy and security laws, including the Health Insurance Portability and Accountability Act.
This notification provides product security information and recommendations related to a security vulnerability found within specified versions of BD Kiestra™ Total Lab Automation (TLA), BD Kiestra™ Work Cell Lab Automation (WCA) and BD Kiestra™ InoqulA™ +.
In February 2017, BD was made aware of two security concerns from a customer and through internal risk assessment identified an additional security concern with the BD Kiestra platform that could result in an attacker gaining access to the BD Kiestra database and limited PHI/PII information.
Vulnerable data includes:
This vulnerability has been assessed for clinical impact by BD and represents a negligible probability of harm to the patient.
BD has identified a resolution that includes customer action for immediate mitigation:
Starting April 2017, BD will begin taking the following actions, including:
Note: These changes will be implemented through our biannual release, starting April 2017 and may continue through the next biannual rollout in October 2017.
For more information on our proactive approach to product security and vulnerability management, contact our Product Security Office.