FDA warns hospitals to ditch IV pumps that can be hacked remotely
“Hospira and an independent researcher confirmed that Hospira’s Symbiq Infusion System could be accessed remotely through a hospital’s network”.
“This (vulnerability) could allow an unauthorized user to control the device and change the dosage the pump delivers, which could lead to over- or under-infusion of critical patient therapies”, wrote the FDA in its warning.
Hospira officials could not immediately be reached for comment.
The devices, computerized pumps that allow for continuous delivery of general infusions, are used in hospitals and nursing homes.
The vulnerability shows the risky side of an increasingly connected health-care system. Hospira notes in a statement that there have been no known breaches of their devices. We are communicating with customers at the limited number of sites where Symbiq remains in use, the company said.
An announcement on Hospira’s website indicated the company was working with Symbiq customers to deploy a software update closing access ports to the pump and including other security protections.
The Government Accountability Office, in a 2012 report, warned that medical devices were particularly susceptible and should be closely tracked.
The vulnerability was discovered by a white-hat hacker by the name of Billy Rios who then reported it to the Department of Homeland Security.
Both the FDA and DHS stated they know of no instances the place such an assault has been launched, however the FDA stated in its advisory that it strongly inspired healthcare amenities to cease utilizing the Symbiq infusion pump system and transfer to different units.