Popular technology that hospitals use to send lab samples is vulnerable, researchers found

There's no evidence attackers have exploited the software issue for their own gain.
BAKU, AZERBAIJAN - JANUARY 15: A lab worker holds a test tube before running a polymerase chain reaction. (Photo by Aziz Karimov/Getty Images)

A key technology that hospitals use to deliver medications, blood and other vital lab samples is at significant risk of hacking, new findings suggest.

Researchers from the security vendor Armis found nine critical vulnerabilities in the control panel that powers the Translogic pneumatic tube systems from logistics automation company Swisslog Healthcare.

The Translogic pneumatic tube system is used by more than 3,000 hospitals worldwide and over 80% of hospitals in North America, according to a report published Monday. Researchers warn that the vulnerability could be used to launch a ransomware attack against the delivery system, crippling hospital functions. Hackers could also use such access to leak sensitive medical data.

There’s no evidence attackers have exploited the software issue for their own gain.


Ransomware attacks against hospitals have risen dramatically in recent years, costing organizations millions of dollars and sometimes crippling emergency care.

Five of the vulnerabilities, which researchers have collectively named “PwnedPiper,” can be used to gain access to a hospital’s network and take over a Nexus station without verification. From there, hackers could use the access to scan for data including employee credentials to get access to the wide pneumatic tube system.

“With so many hospitals reliant on this technology we’ve worked diligently to address these vulnerabilities to increase cyber resiliency in these healthcare environments, where lives are on the line,” said Ben Seri, Armis vice president of research.

Armis disclosed the vulnerabilities to Swisslog on May 1 and has been working with the manufacturer on a patch. Swisslog wrote in a security update to consumers that seven of the identified vulnerabilities were removed in a software release update and it has made mitigations for a remaining vulnerability. (Swisslog identified counts two of the vulnerabilities identified by Armis as one.)

Seri and fellow Armis researcher Barak Hadad will present the findings at Black Hat on Wednesday and Thursday.

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.

Latest Podcasts