FDA tells hospitals to ditch IV pumps that can be hacked remotely
According to the FDA, if hospital network security isn’t up to date or these old devices are in use, hackers could do more than just steal patient info — they could remotely control a « smart » IV infusion pump and hurt patients.
The network vulnerability would « allow an unauthorized user to control the device and change the dosage the pump delivers, which could lead to over- or under-infusion of critical patient therapies, » the Food and Drug Administration « strongly encourages » hospitals to stop using Hospira’s Symbiq Infusion System, because it’s vulnerable to cyberattacks that would allow a third party to remotely control dosages delivered via the computerized pumps. Unauthorized users are able to access the Symbiq system through connected hospital networks, according to the FDA and the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team. ICS-CERT reported the vulnerability on July 21st and the FDA released its own safety alert on Friday, July 31st. Thankfully, there are no reported incidences of the Symbiq system being hacked.