Threat Intel: PwnedPiper Pneumatic Tube System Zero-Day

PwnedPiper Vulnerabilities Could Allow Employee Credential Theft and Interrupt Lab Sample Delivery
Cynerio
Aug 4, 2021
Threat Intelligence

What is PwnedPiper?

Located behind hospital walls, and unseen by most patients, the network of air-pressurized tubes called pneumatic tube systems (PTS) help transport blood and test samples, medications and other important healthcare materials between departments. One of the most popular of these PTS systems, the Translogic line by manufacturer Swisslog Healthcare, was recently found to have several vulnerabilities that hackers could leverage to halt hospital delivery systems or breach sensitive personal information about hospital employees.

The PwnedPiper vulnerability allows potential attackers to gain control of the Translogic Nexus Control Panel that underpins the PTS systems’ functionality without having to authenticate to the network. This would allow attackers a chance to execute code remotely and launch denial-of-service attacks.

Why are PwnedPiper Vulnerabilities so Threatening to Healthcare Organizations?

If a critical pneumatic tube system vulnerable to PwnedPiper is exploited:

1.   The pneumatic tube system that allows hospitals to quickly send critical healthcare samples and medications to patients could be shut down, which would prevent patients from receiving test results and medication in a timely manner. This could adversely affect care, especially when patients require rapid medical decisions to be made in critical cases.

2.   Attackers could obtain total control of the PTS network and launch a ransomware attack, steal sensitive hospital employee data, or gather intelligence about the physical configuration of the PTS network.

3.   In a worst case scenario, attackers could access the RFID card data that opens doors at a hospital, threatening the physical security of the hospital premises.rm.

What Medical Devices Are Vulnerable?

Since the flaws are in the firmware of the control panel of Swisslog Healthcare’s Translogic PTS systems, theoretically any device with the control panel on it could be vulnerable. An advisory issued by the manufacturer noted that the firmware vulnerabilities affect the HMI-3 circuit board in the control panel when the PTS is connected to the ethernet, and that the affected systems are mostly used by hospitals in North America.

What Can Healthcare Organizations Do to Mitigate the PwnedPiper Threat?

First, organizations need to determine if any of the Swisslog Healthcare PTS systems on their networks are affected by the PwnedPiper vulnerabilities, and flag critical devices. Swisslog Healthcare has issued a software update for the affected firmware, which patches all except one of the vulnerabilities. Swisslog Healthcare has also provided mitigation steps for that vulnerability.

How Cynerio’s IoT Cybersecurity Platform Works to Protect Healthcare Organizations from PwnedPiper and Other Device Vulnerabilities

Cynerio is always working to ensure the security of your medical devices. To carry this out, we will:

·      Continuously monitor to identify every device affected on your network

·      Assess each device’s risk level to prioritize remediation

·      Direct you to the appropriate patch that the vendor has supplied when possible

·      Work closely with your organization to configure and validate operationally safe segmentation policies that limit device access to the internet and block remote access.

To learn more about Pwned Piper vulnerabilities and how Cynerio can help you mitigate the threat, contact us.

Additional Resources

Swisslog Healthcare Statement on PwnedPiper


Keep your finger on the pulse of Healthcare IoT security

Get Your Free Pass to HIMSS21

August 9 -13, Las Vegas

HOW? Easy! If you are a Healthcare IT Executive and you book a 30-minute call with us before July 30th, you get a free pass (valued at $1295)

Book a Call

*Please note that there is limited pass availability