Recall of Miele washer-disinfectors when connected to an in-house network

According to Department of Health, Therapeutic Goods Administration, this recall involved a device in Australia that was produced by Miele Australia Pty Ltd.

What is this?

A correction or removal action taken by a manufacturer to address a problem with a medical device. Recalls occur when a medical device is defective, when it could be a risk to health, or when it is both defective and a risk to health.

  • Type of Event
    Recall
  • Event ID
    RC-2017-RN-00587-1
  • Event Risk Class
    Class II
  • Event Initiated Date
    2017-05-16
  • Event Country
  • Event Source
    DHTGA
  • Event Source URL
  • Notes / Alerts
    Australian data is current through July 2018. All of the data comes from the Australian Therapeutic Goods Administration, except for the categories Manufacturer Parent Company and Product Classification.
    The Parent Company and the Product Classification were added by ICIJ.
    The parent company information is based on 2017 public records. The device classification information comes from FDA’s Product Classification by Review Panel, based on matches of recall data from the U.S. and Australia.
  • Extra notes in the data
  • Reason
    Miele have identified an IT security vulnerability affecting specific models of Miele washer-disinfectors. These washer-disinfectors feature a network interface for connection to an in-house network for cycle documentation purposes. In the event of an attack on the in-house network of a hospital, a laboratory or a surgery, there is a risk that data from Miele washer-disinfectors can be read out and/or replaced. This data is for the most part binary code. To date, there has been no evidence indicating that such an incident has ever occurred.
  • Action
    Miele is working on a solution for this issue. In the interim, Miele is recommending users implement the following measures in order to minimise risks:
    1. Ensure that all relevant staff members using the machine are informed of this product correction;
    2. Do not enable access to the machine via the Internet (e.g. through port forwarding). If the machine is accessible via the Internet, deactivate any Internet connections immediately;
    3. Only operate these machines in a separate section of the network (physically separated or protected by access authorisation systems by configuring routers/firewalls). In this network, only operate the systems required for the documentation of reprocessing results (e.g. PC and printer); and
    4. Access to any affected machine and access-authorised systems should be limited exclusively to persons requiring access.
       4.1 Access-authorised systems should be protected using strong passwords.
       4.2 Alter existing passwords on machines (cf. programming manual).

Device

  • Model / Serial
    Miele washer-disinfectors when connected to an in-house network
    Model Numbers: PG 8527, PG 8528, PG 8535 and PG 8536
    ARTG Number: 280003
  • Manufacturer

Manufacturer