FDA Warns of Cybersecurity Vulnerabilities of Hospira Infusion System
Warning that a security vulnerability could enable cyber attackers to take remote control of the system, the U.S. Food and Drug Administration on Friday recomended hospitals to discontinue using Hospira Inc’s Symbiq infusion system. It comes at a time of rising concerns about breaches of products that connect to the Internet.
The company presented the ifa a number of 10 days following the You can include.S. Department of Homeland Security forewarned of the weeknesses in the water pump, that supply treatments into the blood of individuals.
The FTP and telnet ports of the system being left open appear to be the reason behind the systems becoming susceptible to being hacked. A week ago, automaker Fiat Chrysler recalled 1.4 million vehicles because of a flaw that made them vulnerable to hackers. Some of the systems were even shipped with a default login password which the FDA is advising hospitals to change ASAP.
The FDA and DHS cited research from independent cyber security expert Billy Rios, who found that remote attacks could be launched on patients by accessing a hospital’s network. The pump is used for delivering drugs into system of patients, but what if it gets hacked when a patient is alive just because of it. While Hospira has quit making the devices, they are still in use by hospitals, nursing homes and other health-care facilities to administer drugs intravenously, according to the agency. The FDA warned about similar vulnerabilities to other Hospira pumps in May.
The FDA says health care providers should disconnect the pumps from their networks and update their drug libraries manually – a process the agency warns can be labor intensive and prone to error. That import ban has since been lifted, Hospira said.
Government safety regulators have started an investigation into the incident.