Identify affected devices in your organisation.
Ensure that staff are aware of the recommendations given in the manufacturer's Customer Letter.
Make sure staff know that the manufacturer has developed a way to fix the product security vulnerability; this was released in October 2019 and is available for download from the BD website here
The link is password protected. Use the following log in details to access it:
Once logged in, you will find the instructions in the file called BDPB00106 and the CAB file is in the folder called Release.
Documentation is also available on the BD website using the same log in details as above
Report suspected or actual adverse events involving these devices through your local incident reporting system and/or your national incident reporting authority as appropriate: England, Scotland, Northern Ireland, Wales. You should also report directly to manufacturers if your local or national systems do not.
All medical, nursing and technical staff involved in the use and maintenance of these devices.
Deadlines for actions
Actions underway:11 December 2019
Actions complete:27 December 2019
The Alaris Gateway Workstation is aimed at integrating infusion data with a hospital's central clinical information system.
Alaris Gateway Workstation:
Potential vulnerability that can impact the Workstation. If exploited, this vulnerability may allow an attacker with malicious intention to remotely install unauthorised firmware.
Alaris Gateway Workstation web browser user interface:
Potential vulnerability that can impact the user interface in standalone configuration only. If exploited, this vulnerability may allow an attacker with knowledge of the IP address of the Alaris Gateway Workstation terminal to gain access to information on the web browser user interface.
Tel: 0800 917 8776 option 2, option 3
If you are responsible for cascading these alerts in your organisation, these are our suggested distribution lists.
Trusts (NHS boards in Scotland)
CAS and NICAS liaison officers for onward distribution to all relevant staff including:
• All departments
• All staff
• All wards
• Ambulance services directors
Establishments registered with the Care Quality Commission (CQC) (England only)
• Hospitals in the independent sector
Please note: CQC and OFSTED do not distribute these alerts. Independent healthcare providers and social care providers can sign up to receive MDAs directly from the Central Alerting System (CAS) by sending an email to: email@example.com and requesting this facility.
Send enquiries about this notice to MHRA, quoting reference number MDA/2019/040 or 2019/006/014/302/001
Guido Fumagalli or David Grainger, MHRA
Tel: 020 3080 6000
Devices Clinical Team, MHRA
Tel: 020 3080 7274
To report an adverse incident involving a medical device in England use the Yellow Card reporting page
Northern Ireland Adverse Incident Centre (NIAIC), CMO Group, Department of Health (Northern Ireland)
Tel: 028 9052 3868
To report an adverse incident involving a medical device in Northern Ireland use the forms on the website.
Alerts in Northern Ireland are distributed via the NICAS system.
Incident Reporting and Investigation Centre (IRIC), Health Facilities Scotland, NHS National Services Scotland
Tel: 0131 275 7575
To report an adverse incident involving a medical device in Scotland, email IRIC to request a webform account.
For more information, or if you can't access the webform, visit the website: how to report an adverse incident
Population Healthcare Division, Welsh Government
Tel: 03000 255278 or 03000 255510
To report an adverse incident involving a medical device in Wales, use the Yellow Card reporting page and follow specific advice for reporting in Wales in MDA/2004/054 (Wales).