Infinity M300 telemetry monitoring device Software versions VG2.3.1 and lower, Model Numbers MS25755, MS26076, MS26031, MS18623, MS22862, MS25301
- Company
- Draegar Medical Systems, Inc.
- Recall Initiated
- October 9, 2019
- Recall Number
- Z-0372-2020
- Quantity
- 12204
- Firm Location
- Andover, MA
Reason for Recall
The devices have potential cybersecurity vulnerabilities, which can include Distributed Denial of Service (DDoS), Spoofing, and Tampering.
Distribution
US nationwide distribution.
Lot / Code Info
All systems using Software version VG2.3.1 and lower
Root Cause
Software design
Action Taken
An Urgent Medical Device Recall notification letter dated 10/9/19 was sent to customers. Recommended cybersecurity precautions: While we are in the process of updating the software, we recommend that you follow best recommended practices to limit access to the devices and wireless network: " Physical security of the patient monitors is recommended and is the responsibility of the operating organization. " Physical security boundaries to prevent access to your facility's network infrastructure is recommended and is the responsibility of the operating organization. " Drager relies on the medical device isolation mechanism of the VLANs and the proper configuration, implementation, and use of the operating organization's security measures to prevent the introduction of malware onto the Infinity Network. Action required: Please complete the attached Acknowledgement and Response Form and return it to Drager per instructions included on the form. The software upgrade will be provided free of charge. The upgrade path for your M300 device is dependent on the part number of your M300s currently in use. Your local Drager representative will contact you prior to the availability of software version VG2.3.2 to discuss the upgrade path. If you have any questions regarding this letter, please contact Michael Kelhart between the hours of 8:00 AM - 4:30 PM EST at 1-800-437-2437 (press 1 at the prompt, then 32349).