A company’s intravenous pump that administers hospital patients’ drugs at their bedsides can be hacked and should no longer be used, according to the Food and Drug Administration.
The FDA issued a statement on July 31 alerting users of Hospira Inc.’s Symbiq Infusion System’s cybersecurity problems. The administration is strongly encouraging healthcare facilities to stop using the Symbiq Infusion System.
Hospira’s LifeCare PCA3 and PCA5 infusion pump systems were flagged by the FDA for the same cybersecurity issues on May 13.
No one has been harmed by the pumps being hacked, but patients are susceptible to hackers accessing the pumps and manipulating the levels of drugs being administered, which could cause fatal overdoses.
The pumps’ vulnerabilities were exposed by an independent researcher, though the FDA did not give his name. Campus Safety Magazine had previously reported that Bill Rios, a security researcher, had found vulnerabilities with five of Hospira’s infusion pump models in June. Rios told the FDA about his findings in 2014.
Hospira’s website claims it is “the leading provider of injectable drugs” and has over 400,000 intravenous drug pumps installed in hospitals worldwide, although it has stopped making the models flagged by the FDA.
