Medfusion 4000 Cyber Security Statement
Thursday September 07 2017
Dear Valued Customer,
A cyber security exploit affecting Medfusion® 4000 devices has been identified and, given our enduring commitment to patient safety and device cybersecurity, we are contacting you to provide details and our plan to safeguard against issues.
The possibility of this exploit taking place in a clinical setting is highly unlikely, as it requires a complex and an unlikely series of conditions. We have been engaged with the FDA Center for Devices and Radiological Health and the U.S. Department of Homeland Security’s Industrial Control System – Computer Emergency Response Team (ICS-CERT) to resolve this issue.
In partnership with ICS-CERT, we have released the technical details of this exploit and actions that you should take to protect against it. This is available at https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A. Please confer with your IT colleagues to ensure these safeguards are in place to continue safe delivery of fluids and medication for your patients.
Further, we are preparing a software security update that will be rolled-out by January 2018 to resolve this issue and to protect against the potential of future cyber security exploits.
The safety of your patients and security of our devices is of paramount importance and remains our unwavering commitment to you. If you have any questions, please contact Smiths Medical’s Customer Services team at email@example.com or 866-831-8399.
Thank you for being a Smiths Medical Medfusion® 4000 customer, and I sincerely apologize for this inconvenience. The strength of our business and technology is a result of customers like you.
Chief Technology Officer and Vice President, R&D