Cisco Talos reveals “multiple vulnerabilities” in hardware common at hospitals.
Today, Cisco’s Talos security research group revealed five security vulnerabilities in NeuroWorks, a Windows-based software that is used in multiple electroencephalogram systems sold by Nautus. The Windows-based Natus Xltek NeuroWorks 8 software uses hospitals’ Ethernet networks to connect to EEG devices and integrate with patient data systems, and it is vulnerable to attacks that could allow remote code execution—allowing an attacker to gain access to the data on the device and to other systems on the hospital network—and denial of service. The systems hosting the software could then be used to stage wider attacks on hospital networks.