Skip Ribbon Commands
Skip to main content
Sign In
{{'GLOBAL_MESSAGE_HEADLINE' | translate}}
{{'GLOBAL_MESSAGE_CHOOSE_LANG' | translate}}
en
日本語
中文
{{'GLOBAL_MESSAGE_OR' | translate}}
{{'GLOBAL_MESSAGE_SET_COUNTRY' | translate}}
{{'ELOQUA_BANNER_DECLINE_CONFIRM' | translate}}
{{'ELOQUA_BANNER_DECLINE_CONFIRM_CLOSE' | translate}}
{{'ELOQUA_BANNER_ACCEPT' | translate}}
{{'ELOQUA_BANNER_DECLINE' | translate}}
Read the latest
Product Security Updates

Product Security Bulletin for NAME:WRECK Issue

17 MAY 2021


Background

Terumo Blood and Cell Technologies is aware of and is currently monitoring NAME:WRECK.

As a result, product technical teams are performing technical assessments to determine if NAME:WRECK presents a measurable cybersecurity risk.


Response

Terumo Blood and Cell Technologies is currently working with each product team and assessing if and how NAME:WRECK could be used to exploit our products. While some technical assessments have been completed, others are still ongoing.


Terumo Blood and Cell Technologies products that are confirmed to be unaffected by NAME:WRECK –

The product list below is available to customers to help identify existing Terumo Blood and Cell Technologies products that have been confirmed to be unaffected by NAME:WRECK. The list provided below is not comprehensive and may be updated as more products are assessed. It does not indicate the patch or device status.

  • Reveos® Automated Blood Processing System
  • Trima Accel® Procedure Summary
  • Vista® Information System
  • Cadence® Data Collection System
  • Mirasol® Pathogen Reduction Technology
  • InfoVu
  • Trima KPI Dashboard
  • TOMEs - Terumo Operational Medical Equipment Software
Customers that maintain patches independent of Terumo Blood and Cell Technologies delivery should ensure these actions are performed as the acting responsible entity in order to maintain the correct security posture of the system(s).

Product Security Bulletin for Oracle Database Component Vulnerabilities

04 MAY 2021


Background

Terumo Blood and Cell Technologies is aware of the recently published Oracle Database Components cybersecurity vulnerabilities (CVE-2021-2035, CVE-2021-2018, CVE-2021-2054, CVE-2021-2116, CVE-2021-2117, CVE-2021-1993, CVE-2021-2045, CVE-2021-2000).

As a result, product technical teams have performed technical assessments to determine if the vulnerabilities present a measurable cybersecurity risk.


Response

Terumo Blood and Cell Technologies has confirmed the impact to the following list of products by the Oracle Database Component vulnerabilities.


Terumo Blood and Cell Technologies products that are confirmed to be unaffected by the Oracle Database Component vulnerabilities –

The product list below is available to customers to help identify existing Terumo Blood and Cell Technologies products that have been confirmed to be unaffected by the recently published Oracle Database Component vulnerabilities. The list provided below is not comprehensive and may be updated over time. It does not indicate the patch or device status.

  • Reveos® Automated Blood Processing System
  • FINIA® Fill and Finish System
  • Cell Processing Application
  • Trima Accel® Procedure Summary
  • Trima Accel® Automated Blood Collection System
  • Quantum® Cell Expansion System
  • Cadence® Data Collection System
  • Spectra Optia® Apheresis System
  • Mirasol® Pathogen Reduction Technology
  • InfoVu
  • Trima KPI Dashboard
  • TOMEs - Terumo Operational Medical Equipment Software
  • T-ACE II+ - Terumo Automatic Component Extractor
  • Trucise® Data Management System


Terumo Blood and Cell Technologies products that are confirmed to be susceptible to the Oracle Database Component vulnerabilities –

The product list below is available to customers to help identify existing Terumo Blood and Cell Technologies products that have been confirmed to be susceptible to the recently published Oracle Database Component vulnerabilities. The list provided below is not comprehensive and may be updated over time. It does not indicate the patch or device status.

  • Vista® Information System
    • Oracle 12c for use with Vista Information System v4.2
    • Oracle 19c for use with Vista Information System v4.2.1
Customers that maintain patches independent of Terumo Blood and Cell Technologies delivery should ensure these actions are performed as the acting responsible entity in order to maintain the correct security posture of the system(s).



Product Security Bulletin for NAME:WRECK

21 APRIL 2021


Terumo Blood and Cell Technologies is aware of the NAME:WRECK global cybersecurity threat. Our internal teams are performing technical product assessments to determine any potential risks. We actively monitor our company’s internal Internet-connected devices, as well as the broader industry for other possible cybersecurity vulnerabilities. Terumo Blood and Cell Technologies recommends that everyone in the global healthcare ecosystem employ industry standard network security management and monitoring of their environments.  Additional information will be posted on this page as it becomes available.


Product Security Bulletin for Oracle RDBMS

03 FEBRUARY 2021


Terumo Blood and Cell Technologies is aware of the recently published Oracle Database Components cybersecurity vulnerabilities (CVE-2021-2035, CVE-2021-2018, CVE-2021-2054, CVE-2021-2116, CVE-2021-2117, CVE-2021-1993, CVE-2021-2045, CVE-2021-2000). Our internal teams are performing technical product assessments to determine any potential risks.  We actively monitor our company’s internal Internet-connected devices, as well as the broader industry for other possible cybersecurity vulnerabilities.  Terumo Blood and Cell Technologies recommends that everyone in the global healthcare ecosystem employ industry standard network security management and monitoring of their environments.  Additional information will be posted on this page as it becomes available.


Product Security Bulletin for AMNESIA 33 Issue

03 FEBRUARY 2021


Background

Terumo Blood and Cell Technologies is aware of and is currently monitoring AMNESIA:33.

As a result, product technical teams are performing technical assessments to determine if AMNESIA:33 presents a measurable cybersecurity risk.


Response

Terumo Blood and Cell Technologies is currently working with each product team and assessing if and how AMNESIA:33 could be used to exploit our products. While some technical assessments have been completed, others are still ongoing.


Terumo Blood and Cell Technologies products that are confirmed to be unaffected by AMNESIA:33 –

The product list below is available to customers to help identify existing Terumo Blood and Cell Technologies products that have been confirmed to be unaffected by AMNESIA:33. The list provided below is not comprehensive and may be updated as more products are assessed. It does not indicate the patch or device status.

  • Reveos® Automated Blood Processing System
  • FINIA® Fill and Finish System
  • Cell Processing Application
  • Trima Accel® Procedure Summary
  • Vista® Information System
  • Trima Accel® Automated Blood Collection System
  • Quantum® Cell Expansion System
  • Cadence® Data Collection System
  • Spectra Optia® Apheresis System
  • Mirasol® Pathogen Reduction Technology
  • InfoVu
  • Trima KPI Dashboard
  • TOMEs - Terumo Operational Medical Equipment Software
  • T-RAC II - Terumo Recording & Automatic Blood Collector
  • T-ACE II+ - Terumo Automatic Component Extractor
  • Trucise® Data Management System
Customers that maintain patches independent of Terumo Blood and Cell Technologies delivery should ensure these actions are performed as the acting responsible entity in order to maintain the correct security posture of the system(s).


Product Security Bulletin for RIPPLE20 Issue

19 OCTOBER 2020


Background

Terumo Blood and Cell Technologies is aware of and is currently monitoring RIPPLE20.

As a result, product technical teams are performing technical assessments to determine whether RIPPLE20 presents a measurable cybersecurity risk.


Response

Terumo Blood and Cell Technologies is currently working with each product team and assessing whether and how RIPPLE20 could be used to exploit our products. While some technical assessments have been completed, others are still ongoing.


Terumo Blood and Cell Technologies products that are confirmed to be unaffected by RIPPLE20:

The product list below is available to customers to help identify existing Terumo Blood and Cell Technologies products that have been confirmed to be unaffected by RIPPLE20. The list provided below is not comprehensive and may be updated as more products are assessed. It does not indicate the patch or device status.

  • Trima Accel® Automated Blood Collection System
  • Trima Accel® Procedure Summary
  • Trima KPI Dashboard
  • Vista® Information System
  • Cadence® Data Collection System
  • Spectra Optia® Apheresis System
  • Mirasol® Pathogen Reduction Technology
  • Reveos® Automated Blood Processing System
  • Quantum® Cell Expansion System
  • FINIA® Fill and Finish System
  • Cell Processing Application
  • InfoVu
  • TOMEs (Terumo Operational Medical Equipment Software)
  • T-RAC II (Terumo Recording & Automatic Blood Collector)
Customers that maintain patches independent of Terumo Blood and Cell Technologies delivery should ensure that these actions are performed as the acting entity responsible for maintaining the correct security posture of the system(s).


Snake Ransomware Security Update

22 May 2020

Terumo BCT is aware of the Snake Ransomware global cybersecurity threat. Internal teams performed technical product assessments to determine any potential risks. No Terumo BCT device or software products were identified as possessing critical risks specific to this type of ransomware threat. Ransomware attacks can best be prevented using organizational security controls. Terumo BCT recommends that customers take comprehensive measures to ensure the appropriate level of protection is in place within their environment such as:

  • Educating employees about possible attacks using social engineering methods and how to counteract them.
  • Secure configuration of email servers providing the proper level of security. These configurations include authentication mechanisms (SPF record, DKIM signature, DMARC settings) and scanning and filtering of contents of email messages and attachments.
  • Secure network configuration including the use of firewalls. Remote access should not be enabled for any internal systems unnecessarily. When remote access is necessary, use of VPN is recommended.
  • Timely updating of all 3rd-party software used within the organization.
  • Regular backup of data, especially data stored within on-premise file servers.


Additional information will be posted on this page as it becomes available. For questions or additional information, please contact productsecurity@terumobct.com.


Wind River TCP/IP Stack Security Update

12 September 2019

Terumo BCT is aware of the Wind River TCP/IP Stack cybersecurity vulnerabilities in the VxWorks platform. Internal Terumo BCT teams performed product assessments that utilize the VxWorks RTOS versions impacted by the 3 critical and 8 non-critical vulnerabilities, CVE-2019-12255 through CVE-2019-12265. No critical risks were identified with Terumo BCT products using VxWorks due to the vulnerabilities. The architecture and design of the devices would put them in a safe state either by noncontinuable alarm or reboot, both of which maintain patient and donor safety. Terumo BCT will perform the patch to address the vulnerabilities as part of the already scheduled releases for these products nonetheless. Terumo BCT actively monitor our company’s internal Internet-connected devices, as well as the broader industry for other possible cybersecurity vulnerabilities. Terumo BCT continues to recommend that everyone in the global healthcare ecosystem employ industry standard best-practice network security management and monitoring of their environments. For questions or additional information, please contact your local Terumo BCT representative.


​​​​​​​​​​​​​

{{'SEARCH_MODAL_TITLE' | translate }}
{{'SEARCH_MODAL_OR' | translate }}

{{'SEARCH_MODAL_BROWSE' | translate }} {{'SEARCH_MODAL_ENLABEL' | translate }}
{{'SEARCH_MODAL_CHOOSE_LANGUAGE' | translate }} {{'SEARCH_MODAL_CHANGE_LANGUAGE' | translate }}
{{$index+1}}. {{s.label}}