The U.S. FDA has issued an advisory regarding vulnerabilities identified in the Axeda line of remote access software published by PTC Inc., which may affect more than 100 products made by dozens of manufacturers. The vulnerability could allow a hacker to trigger changes in the operation of the affected devices, a massive risk to patients undergoing medical imaging and radiotherapy procedures. The FDA notice stated that the Axeda Agent and desktop server programs are the subject of a notice by the Cybersecurity & Infrastructure Security Agency (CISA), which characterizes the vulnerability as requiring only a low-complexity attack to exploit.
The FDA applied a class I tag to the recall of Dose IQ software used in infusion pumps made by Baxter Healthcare because of a defect in the software, although there have been no reported injuries or fatalities. The defect is blamed for creating mismatches between the drug library and the drug loaded into the infusion pump, which can lead to potentially deadly over- or under-infusion of the medication.