Hospira Infusion Pumps Vulnerable to Hackers, Warns FDA

Doctors have been told to stop using Hospira’s Symbiq blood infusion system because cyber attackers could remotely control it by exploiting poorly-secured public networks.

A white-hat hacker discovered the vulnerability and reported it to the Department of Homeland Security.

Hospira Inc. stopped making Symbiq pumps in 2013 and said it expected majority would be replaced within two to three years.

“This (weakness) could allow a fake addict to manage the machine and develop the guidelines the…”

Both government agencies said they know of no cases where such an attack has been launched, but the FDA said in its advisory that it strongly encouraged healthcare facilities to stop using the Symbiq infusion pump system and move to other devices. The FDA said that some of the systems were even shipped with a default login password. The company says newer products have additional protection against potential breaches. The pump is used for delivering drugs into system of patients, but what if it gets hacked when a patient is alive just because of it.

Hospira has discontinued the manufacture and distribution of the Symbiq Infusion System, due to unrelated issues, and is working with customers to transition to alternative systems. The FDA warned about similar vulnerabilities to other Hospira pumps in May.

Medical tech expert John Halamka urged hospitals to put their devices behind firewalls and on private internal networks.

Hospira makes injectable drugs and infusion technologies.

Fiat Chrysler said it would recall about 1.4 million cars and trucks in the U.S. on July 24, days after two hackers revealed that they took control of a Jeep Cherokee SUV over the Internet.

Government safety regulators have started an investigation into the incident.