Skip Ribbon Commands
Skip to main content
Sign In
{{'GLOBAL_MESSAGE_HEADLINE' | translate}}
{{'GLOBAL_MESSAGE_CHOOSE_LANG' | translate}}
en
日本語
中文
{{'GLOBAL_MESSAGE_OR' | translate}}
{{'GLOBAL_MESSAGE_SET_COUNTRY' | translate}}
{{'ELOQUA_BANNER_DECLINE_CONFIRM' | translate}}
{{'ELOQUA_BANNER_DECLINE_CONFIRM_CLOSE' | translate}}
{{'ELOQUA_BANNER_ACCEPT' | translate}}
{{'ELOQUA_BANNER_DECLINE' | translate}}
Read the latest
Product Security Updates

Product Security Bulletin for RIPPLE20 Issue

03 AUGUST 2020


Background

Terumo BCT is aware of and is currently monitoring RIPPLE20.

As a result, product technical teams are performing technical assessments to determine if RIPPLE20 presents a measurable cybersecurity risk.


Response

Terumo BCT is currently working with each product team and assessing if and how RIPPLE20 could be used to exploit our products. While some technical assessments have been completed, others are still ongoing.


Terumo BCT products that are confirmed to be unaffected by RIPPLE20:

The product list below is available to customers to help identify existing Terumo BCT products that have been confirmed to be unaffected by RIPPLE20. The list provided below is not comprehensive and may be updated as more products are assessed. It does not indicate the patch or device status.

  • Reveos® Automated Blood Processing System
  • FINIA® Fill and Finish System
  • Cell Processing Application
  • Trima Accel® Procedure Summary
  • Vista® Information System
  • Trima Accel® Automated Blood Collection System
  • Quantum® Cell Expansion System
  • Cadence® Data Collection System
  • Spectra Optia® Apheresis System
  • Mirasol® Pathogen Reduction Technology
  • InfoVu
  • Trima KPI Dashboard
Customers that maintain patches independent of Terumo BCT delivery should ensure these actions are performed as the acting responsible entity in order to maintain the correct security posture of the system(s).


Snake Ransomware Security Update

22 May 2020

Terumo BCT is aware of the Snake Ransomware global cybersecurity threat. Internal teams performed technical product assessments to determine any potential risks. No Terumo BCT device or software products were identified as possessing critical risks specific to this type of ransomware threat. Ransomware attacks can best be prevented using organizational security controls. Terumo BCT recommends that customers take comprehensive measures to ensure the appropriate level of protection is in place within their environment such as:

  • Educating employees about possible attacks using social engineering methods and how to counteract them.
  • Secure configuration of email servers providing the proper level of security. These configurations include authentication mechanisms (SPF record, DKIM signature, DMARC settings) and scanning and filtering of contents of email messages and attachments.
  • Secure network configuration including the use of firewalls. Remote access should not be enabled for any internal systems unnecessarily. When remote access is necessary, use of VPN is recommended.
  • Timely updating of all 3rd-party software used within the organization.
  • Regular backup of data, especially data stored within on-premise file servers.


Additional information will be posted on this page as it becomes available. For questions or additional information, please contact productsecurity@terumobct.com.


Wind River TCP/IP Stack Security Update

12 September 2019

Terumo BCT is aware of the Wind River TCP/IP Stack cybersecurity vulnerabilities in the VxWorks platform. Internal Terumo BCT teams performed product assessments that utilize the VxWorks RTOS versions impacted by the 3 critical and 8 non-critical vulnerabilities, CVE-2019-12255 through CVE-2019-12265. No critical risks were identified with Terumo BCT products using VxWorks due to the vulnerabilities. The architecture and design of the devices would put them in a safe state either by noncontinuable alarm or reboot, both of which maintain patient and donor safety. Terumo BCT will perform the patch to address the vulnerabilities as part of the already scheduled releases for these products nonetheless. Terumo BCT actively monitor our company’s internal Internet-connected devices, as well as the broader industry for other possible cybersecurity vulnerabilities. Terumo BCT continues to recommend that everyone in the global healthcare ecosystem employ industry standard best-practice network security management and monitoring of their environments. For questions or additional information, please contact your local Terumo BCT representative.


​​​​​

{{'SEARCH_MODAL_TITLE' | translate }}
{{'SEARCH_MODAL_OR' | translate }}

{{'SEARCH_MODAL_BROWSE' | translate }}
{{'SEARCH_MODAL_CHOOSE_LANGUAGE' | translate }} {{'SEARCH_MODAL_CHANGE_LANGUAGE' | translate }}
{{$index+1}}. {{s.label}}