On Tuesday, December 21, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) published a vulnerability medical advisory ICSMA-21-355-01 on the Fresenius Kabi Agilia Connect Infusion System.
Successful remote exploitation of these vulnerabilities could allow an attacker to gain access to sensitive information, modify settings, or perform arbitrary actions as an unauthorized user.
Affected components requiring a software security patch include:
- Agilia Connect WiFi module of the pumps vD25 and prior;
- Agilia Link+ v3.0 D15 and prior;
- Vigilant Software Suite v1.0: Vigilant Centerium, Vigilant MasterMed and Vigilant Insight; and
- Agilia Partner maintenance software v3.3.0 and prior.
Fresenius Kabi has created new versions to address these vulnerabilities. Fresenius Kabi also identified that approximatively 1,200 infusion pumps would need hardware changes. Until replacements can be made in customers’ installations, Fresenius Kabi recommends users rely on CISA’s recommendations for temporary alternatives.
Healthcare delivery organizations are advised to follow the recommendations published by CISA and Fresenius Kabi to avoid cybersecurity risks that could affect the safety and essential performance of the Fresenius Kabi Agilia Connect Infusion System.