Most medical infusion pumps sold via secondary market sources still contain Wi-Fi configuration settings from the original organization that deployed them, cybersecurity firm Rapid7 has discovered.
Follow
"reason these devices pose such a risk is a lack of (or lax) process for de-acquisitioning them before they are sold on sites like eBay. In at least eight of the 13 devices used in the study, WiFi PSK access credentials were discovered, offering attackers potential access to health organization networks."