Healthcare Professionals

Committed to helping you meet the evolving challenges and opportunities in patient care.

Healthcare Professionals
  • Primary Care

    Supporting every aspect of your clinical practice, including physical exam, diagnostic cardiology, vitals monitoring and vision screening

  • Hospital Care

    Advancing products and technologies designed to speed patient recovery and streamline clinical workflows

  • Surgical Care

    Delivering innovations that enable reduced operating times, faster patient recovery and improved outcomes

  • Kidney Care

    Pioneering care in hemodialysis (HD), peritoneal dialysis (PD) and digital health to support better outcomes for your patients

  • Nutritional Care

    Personalizing nutritional care designed to improve patients’ health in the hospital, the ICU and at home

  • Respiratory Care

    Helping your patients with respiratory therapies designed to simplify delivery and improve mobility

  • Our Products

    Our portfolio of acute, nutritional, renal, hospital and surgical care products helps advance healthcare around the world.

Perspectives

For nearly a century, we have worked at the intersection of saving and sustaining lives.

Perspectives

Our Story

Our 90-year heritage gives us distinct perspective on the needs of patients and caregivers. We lead today by putting those insights to work to deliver new, better healthcare solutions and access to care in the communities where we live and work.

Our Story
  • Our Leadership

    Our forward-looking leadership team is a driving force in ensuring we meet the needs of all our stakeholders – every day and everywhere.

  • Our Governance

    We are proud of our strong commitment to maintaining the highest standards of corporate governance.

  • Fueling Collaborative Innovation

    Nurturing a culture of innovation is critical to delivering on our mission to save and sustain lives. We partner with the healthcare community to continually find more efficient, smarter ways to help solve the world's most pressing healthcare challenges.

  • Corporate Responsibility

    We strive to create lasting value by empowering our patients, protecting our planet and championing our people and communities.

  • Diversity, Equity & Inclusion

    We are committed to attracting, motivating and retaining an inclusive and diverse workforce.

  • Our History

    For nearly a century, we’ve been focused on saving and sustaining lives and elevating patient care.

Patients

Helping you reach a healthy life, full of possibility.

Patients
  • General Healthcare

    Whether you are receiving care in the hospital, at your doctor’s office or at home, we are here to support every step of your journey.

  • Nutritional Care

    When medical conditions prevent you from adequately feeding yourself, we provide life-saving clinical nutrition options to help you regain your nutritional status.

  • Kidney Care

    Kidney disease is an ongoing journey for you and your family. While every journey is unique, Baxter is committed to supporting access to care options to meet your medical and lifestyle needs.

  • Respiratory Care

    We are committed to helping you with innovative products that deliver effective, proven respiratory therapy in the hospital and at home.

Product Security

Product Security

In support of our mission to save and sustain lives, we take product security seriously. 

Jump to

Product Security Bulletins and Additional Resources

Product Security Bulletins

ConnectWise Vulnerabilities

Learn More >

Vulnerability in Mirth Connect

Learn More >

Spectrum V6, V8, V9 – ICS Advisory (ICSMA-22-251-01)

Learn More >

Axeda agent and Axeda Desktop Server for Windows

Learn More >

Apache Log4j Vulnerability

Learn More >

ExactaMix – CERT/CC Vulnerability Note (VU#383432) – PrintNIghtmare

Learn More >

ExactaMix – ICS Advisory (ICMSA-20-170-01)

Learn More >

Prismaflex – ICS Advisory (ICSMA-20-170-02)

Learn More >

PrisMax – ICS Advisory (ICSMA-20-170-02)

Learn More >

Phoenix – ICS Advisory (ICSMA-20-170-03)

Learn More >

Spectrum V6, V8, V9 – ICS Advisory (ICSMA-20-170-04)

Learn More >

Treck TCP/IP Stack (Ripple 20) Vulnerabilities (ICSA-20-168-01)

Learn More - PrisMax >

Learn More - Spectrum >

Critical Vulnerabilities in Microsoft Windows Operating Systems (AA20-014A)

Learn More >

SweynTooth Vulnerabilities – No Impact to Baxter Products

Learn More >

ExactaMix – Multiple Windows SMB Remote Code Execution Vulnerabilities

Learn More >

ExactaMix – Microsoft Security Advisory for CVE-2019-0708 "Remote Desktop Services, Remote Code Execution Vulnerability."

Learn More >

Sigma Spectrum Infusion System Vulnerabilities ICS Advisory (ICSA-15-181-01)

Learn More >

IPnet and VxWorks Urgent/11 Advisory – No Impact to Baxter Products

Learn More >

Request a Document

To request the Baxter document(s) listed below, click and submit your request along with your business contact information (i.e. Your Name, Role, Company, Address, Phone Number) or contact your Baxter service representative.

Email request for ExactaMix Cybersecurity Guide

Product Security Questions

Customers with a specific question about any Baxter product can reach out to [email protected] or contact their Baxter service representative.

Global Privacy Policy

Baxter has established a Global Privacy Policy to reflect the foregoing principles which are a key part of Baxter company culture and operations.

 

Team Collaboration

 

Baxter's Coordinated Vulnerability Disclosure Process

Baxter’s mission is to save and sustain lives. Fundamental to our mission and strategy, we are committed to designing, manufacturing, and maintaining safe and secure medical devices. We also know that cybersecurity threats and vulnerabilities change rapidly. Therefore, we are committed to working with the security researcher community to verify and respond to legitimate vulnerabilities and ask researchers to participate in our responsible reporting process outlined below.

Scope

Baxter created this coordinated disclosure process for security researchers to report potential vulnerabilities related to Baxter’s commercially available products.  It is not meant for technical support information on Baxter products or for reporting Adverse Events or Product Quality Complaints. For all of these other matters please visit for the appropriate reporting channel: https://www.baxter.com/contact-and-support/contact.page.

How to submit

If you have discovered a potential vulnerability related to a Baxter product, we ask you to contact us in English at [email protected]. Please encrypt your email using our GPG (GnuPG) public key.

Please include the following information:

  • Contact information so we can get in touch with you.  (name, organization, email address and phone number).
  • Whether you believe multiple vendors are affected
  • When and where the vulnerability was discovered
  • Technical description of the vulnerability and environment in which it was discovered
  • Name, version, and configuration details of the affected product
  • Specific impact and how you envision this vulnerability could be used in an attack
  • Information about the tools and techniques you used to discover this vulnerability
  • Any proof of concept or exploit code
  • Any indications of the vulnerability being exploited
  • Prior or intended disclosure of vulnerability information to other parties (e.g. regulators, vulnerability coordinators, vendors)

Please do not include any personal information, such as sensitive/health information.  

What Baxter will do

  • We will acknowledge receipt of the report within 7 days.
  • We will escalate the report to appropriate team to verify and reproduce the reported vulnerability. You may be contacted during this time to support our verification efforts.
  • We will evaluate the reported vulnerability and conduct a risk analysis to determine appropriate action to take.
  • If Baxter determines the issue warrants disclosure, we will publish notification on this page, and we will report it to the appropriate external parties such as Cyber Emergency Response Teams (CERTs) and Information Sharing and Analysis Organizations (ISAOs).

Additional information For Security Researchers:

Please only conduct testing in secure environments, which comply with the following:

  • All laws and regulations
  • Avoiding any testing that could hurt patients, cause a privacy issue, or damage equipment
  • Avoiding testing on devices in use or software that is in a production environment
  • Avoiding actions taken to exploit any vulnerability
  • Avoiding action that could make changes to a product or system after the test is completed

Notice:

By submitting information through this process, you agree that it will be considered non-proprietary and non-confidential, and that Baxter is allowed to use the information in any manner, in whole or in part, without any restriction.  You also agree that submitting such information does not create any rights for you or any obligations for Baxter.

Dedicated Team

We have a dedicated team that is committed to and passionate about ensuring our products are safe and secure for their intended clinical use.  We have developed our products with cybersecurity controls integrated into the design, using a Common Cybersecurity Control Framework for Medical Devices which takes into consideration industry-leading standards, regulations, and guidance documents. While we have focused resources on developing safe and secure products, we know that the cybersecurity threat landscape changes every day. Baxter prides itself on being responsive and transparent with our customers about cybersecurity.

We are proud to have a global team of cybersecurity professionals that are dedicated to product security. Our team members are passionate about security and care about the safety of our patients. There are dedicated resources that support both the secure development of new products and the sustained maintenance of our fielded devices. We know cybersecurity is a dynamic field and we are committed to protecting our patients throughout the entire product lifecycle.

We are proud to have dedicated Business Information Security Officers (BISO) for each of our business units. The BISOs bring a wealth of experience and knowledge, to serve as a trusted advisor for our business and product leaders. This allows cybersecurity to be integrated into everything we do. There are also dedication cybersecurity engineers that support specific products during their development to work through the specific product security requirements. Last but not least, we have dedicated resources that conduct thorough cybersecurity risk management procedures that are consistent with our high-standard of product risk management.

Cybersecurity Design

We have proudly developed a Cybersecurity Common Controls Framework for Medical Devices (C3FMD). The intent of the Cybersecurity Common Controls Framework (C3FMD) is to provide a consistent and common cybersecurity controls framework that addresses the above security concerns for medical device design and engineering, that is based on industry standards and best practices, is comprehensive in its security coverage, and that addresses the demands of a rapidly evolving cybersecurity landscape. In the C3FMD, cybersecurity is driven first and foremost by patient health and safety concerns.

It is critical to ensure that any medical devices impacting patient health and safety are operated, deployed and managed in a safe, secure and reliable manner. This framework ensure that our products are developed consistently with cybersecurity capabilities built into the medical device. C3FMD covers the following key categories of controls: authentication, authorization, access controls, audit, and cryptography. This framework is a prescribed set of baseline cybersecurity controls which enhance the security posture and reduce the risk of compromise against target medical devices.

Responsive & Transparent

We are committed providing transparent information to our customers about product security. In an effort to share information, we provide a Manufacturer Disclosure Statement for Medical Device Security (MDS2), from the National Electrical Manufacturers Association and the Healthcare Information and Management System Society, which contains important cybersecurity design features such as:

  • Audit Controls
  • Authorization
  • Data Backup and Disaster Recovery
  • Malware Detection/ Protection
  • System and Application Hardening
  • Transmission Confidentiality and Integrity

In addition to the information provided in the MDS2, we provide cybersecurity information in our user manuals and customer communications. For any further inquiries, customers can feel free to work with their sales or service representatives.

Partnerships

The healthcare ecosystem is increasingly complex and interconnected. In order to protect patients and ensure our products are safe and secure, the entire healthcare industry has to work closely together. To achieve greater security, we value the relationships and partnerships it maintains across the healthcare ecosystem. We are proud of all the thought leaders that make up our product security team. There are several organizations that we work with to gather and share cyber information, such as:

  • National Health Information Sharing and Analysis Center (NH-ISAC)
  • Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
  • Advanced Medical Technology Association (AdvaMed)
  • Association for the Advancement of Medical Instrumentation (AAMI)
  • Homeland Security Information Network (HSIN)
  • Medical Device Innovation, Safety, and Security Consortium (MDISS)
  • Medical Device Security Information Sharing Council (MDSISC)
  • Medical Device Innovation Consortium (MDIC)