Skip Ribbon Commands
Skip to main content
Sign In
{{'GLOBAL_MESSAGE_HEADLINE' | translate}}
{{'GLOBAL_MESSAGE_CHOOSE_LANG' | translate}}
en
日本語
中文
{{'GLOBAL_MESSAGE_OR' | translate}}
{{'GLOBAL_MESSAGE_SET_COUNTRY' | translate}}
{{'ELOQUA_BANNER_DECLINE_CONFIRM' | translate}}
{{'ELOQUA_BANNER_DECLINE_CONFIRM_CLOSE' | translate}}
{{'ELOQUA_BANNER_ACCEPT' | translate}}
{{'ELOQUA_BANNER_DECLINE' | translate}}
Read the latest
Product Security Updates

Product Security Bulletin for RIPPLE20 Issue

19 OCTOBER 2020


Background

Terumo Blood and Cell Technologies is aware of and is currently monitoring RIPPLE20.

As a result, product technical teams are performing technical assessments to determine whether RIPPLE20 presents a measurable cybersecurity risk.


Response

Terumo Blood and Cell Technologies is currently working with each product team and assessing whether and how RIPPLE20 could be used to exploit our products. While some technical assessments have been completed, others are still ongoing.


Terumo Blood and Cell Technologies products that are confirmed to be unaffected by RIPPLE20:

The product list below is available to customers to help identify existing Terumo Blood and Cell Technologies products that have been confirmed to be unaffected by RIPPLE20. The list provided below is not comprehensive and may be updated as more products are assessed. It does not indicate the patch or device status.

  • Trima Accel® Automated Blood Collection System
  • Trima Accel® Procedure Summary
  • Trima KPI Dashboard
  • Vista® Information System
  • Cadence® Data Collection System
  • Spectra Optia® Apheresis System
  • Mirasol® Pathogen Reduction Technology
  • Reveos® Automated Blood Processing System
  • Quantum® Cell Expansion System
  • FINIA® Fill and Finish System
  • Cell Processing Application
  • InfoVu
  • TOMEs (Terumo Operational Medical Equipment Software)
  • T-RAC II (Terumo Recording & Automatic Blood Collector)
Customers that maintain patches independent of Terumo Blood and Cell Technologies delivery should ensure that these actions are performed as the acting entity responsible for maintaining the correct security posture of the system(s).


Snake Ransomware Security Update

22 May 2020

Terumo BCT is aware of the Snake Ransomware global cybersecurity threat. Internal teams performed technical product assessments to determine any potential risks. No Terumo BCT device or software products were identified as possessing critical risks specific to this type of ransomware threat. Ransomware attacks can best be prevented using organizational security controls. Terumo BCT recommends that customers take comprehensive measures to ensure the appropriate level of protection is in place within their environment such as:

  • Educating employees about possible attacks using social engineering methods and how to counteract them.
  • Secure configuration of email servers providing the proper level of security. These configurations include authentication mechanisms (SPF record, DKIM signature, DMARC settings) and scanning and filtering of contents of email messages and attachments.
  • Secure network configuration including the use of firewalls. Remote access should not be enabled for any internal systems unnecessarily. When remote access is necessary, use of VPN is recommended.
  • Timely updating of all 3rd-party software used within the organization.
  • Regular backup of data, especially data stored within on-premise file servers.


Additional information will be posted on this page as it becomes available. For questions or additional information, please contact productsecurity@terumobct.com.


Wind River TCP/IP Stack Security Update

12 September 2019

Terumo BCT is aware of the Wind River TCP/IP Stack cybersecurity vulnerabilities in the VxWorks platform. Internal Terumo BCT teams performed product assessments that utilize the VxWorks RTOS versions impacted by the 3 critical and 8 non-critical vulnerabilities, CVE-2019-12255 through CVE-2019-12265. No critical risks were identified with Terumo BCT products using VxWorks due to the vulnerabilities. The architecture and design of the devices would put them in a safe state either by noncontinuable alarm or reboot, both of which maintain patient and donor safety. Terumo BCT will perform the patch to address the vulnerabilities as part of the already scheduled releases for these products nonetheless. Terumo BCT actively monitor our company’s internal Internet-connected devices, as well as the broader industry for other possible cybersecurity vulnerabilities. Terumo BCT continues to recommend that everyone in the global healthcare ecosystem employ industry standard best-practice network security management and monitoring of their environments. For questions or additional information, please contact your local Terumo BCT representative.


​​​​​​

{{'SEARCH_MODAL_TITLE' | translate }}
{{'SEARCH_MODAL_OR' | translate }}

{{'SEARCH_MODAL_BROWSE' | translate }}
{{'SEARCH_MODAL_CHOOSE_LANGUAGE' | translate }} {{'SEARCH_MODAL_CHANGE_LANGUAGE' | translate }}
{{$index+1}}. {{s.label}}