FDA: Hospira infusion system vulnerable to hackers
- Cybersecurity experts at the Department of Homeland Security have sent out warnings regarding the vulnerabilty of Hospira's Symbiq Infusion System, leading the FDA to issue an advisory to hospitals telling them to stay away from the system.
- Independent cybersecurity expert, Billy Rios, has determined that remote attacks could be conducted against patients by accessing a hospital's network and manipulating the function of the pump, whch is used to deliver drugs directly to patients' bloodstreams.
- This was the first time that the FDA has ever advised a healthcare provider to stop using a specific medical device because of a cybresecurity threat.
This might be the first time this type of warning has been issued—but it almost certainly won't be the last. In fact, Homeland Security is currently investigaring roughly 25 cases of possible cyber vulnerabilities associated with various medical devices.
Hospira, which has faced numerous challenges lately, including the ongoing large-scale recall of its painkiller, ketorolac, has responded to this latest challenge by putting a notice on its website saying that it is working with Symbiq customers to deploy a software update that would close access to the ports to the pump, as well as other cyberprotective features.
The major takeaway here is that medical devices need to be secured behind firewalls and that they need to be protected by placing them on private internal networks that are not accessible to would-be hackers. The goal is not only to protect patients—but to protect the overall integrity of a healthcare provider's entire network.