The Infinity Acute Care System (IACS) Monitoring Solution with the Standalone Infinity M540 patient monitor. Model nos. MS25510, MS25520, MS26372.
- Company
- Draegar Medical Systems, Inc.
- Recall Initiated
- September 13, 2019
- Posted
- October 31, 2019
- Recall Number
- Z-0258-2020
- Quantity
- 5634
- Firm Location
- Andover, MA
Reason for Recall
Cybersecurity vulnerabilities may cause device to reboot, lose alarm functionality, and/or lose communication with cockpit and/or the Infinity Network.
Distribution
US Nationwide distribution.
Lot / Code Info
Software version VG4.1.1/VG4.0.3 and lower
Root Cause
Software design
Action Taken
On September 13, 2019, the firm distributed Urgent Medical Device Recall letters to customers. Customers were informed of the cybersecurity vulnerabilities, which can include Distributed Denial of Service (DDOS) (packet storm), Spoofing, and Tampering. To mitigate the cybersecurity concerns, Draeger will be releasing software version VG4.2 for both the Cockpit and the M540, which will correct these cybersecurity vulnerabilities. The software is expected to be released for distribution in December 2019. Upgrades of the IACS systems will commence in January 2020. While the firm is in the process of updating the software, customers are asked to limit access to the Infinity Network by following these security recommendations: 1. Physical security of the patient monitors is recommended and is the responsibility of the operating organization. 2. Physical security of the telecommunications closet is recommended and is the responsibility of the operating organization. 3. Draeger recommends that operating organizations restrict physical access to unused Ethernet ports on the IACS. 4. Draeger recommends that operating organizations restrict physical access to unused USB and serial ports on the IACS. 5. Draeger relies on the medical device isolation mechanism of the VLANs and the proper configuration, implementation, and use of the operating organization's security measures to prevent the introduction of malware onto the Infinity Network. Your local Draeger Service Representative will contact you to schedule an appointment to upgrade your system(s) software free of charge once the new software version is released for distribution. If you have any questions regarding this letter, please contact Michael Kelhart between the hours of 8:00 AM - 4:30 PM EST at 1-800-437-2437 (press 1 at the prompt, then 32349).