These hospital drug pumps may be hackable in fatal ways, report says
Drug pumps used in thousands of hospitals around the world may be vulnerable to hacking in potentially fatal ways.
There are five types of drug pumps that can be hacked, according to Wired. The pumps are made by Hospira, a leading provider of the machines. One of the pumps, the Plum A+, is used in over 325,000 hospitals around the world.
In a statement to Mashable, Hospira said there have been no instances of breaches on its devices in a clinical setting. The company also said it is working with the Food and Drug Administration and the Department of Homeland Security to help customers address the vulnerabilities.
The vulnerabilities were first discovered by security researcher Billy Rios, who tested all five of the pumps. He initially found that he could raise dosage limits on drugs delivered to patients. So, in Rios’ test, if a caregiver were about to mistakenly give a patient more than their limit, the software would not stop them from doing so.
According to Rios’ reported results, using the newly discovered exploits, a hacker could change the firmware in a pump, and remotely up the dosage to fatal levels without the pump giving off a warning.
Rios has been on a crusade to have Hospira acknowledge and fix its pumps. He first contacted the company a year ago, and offered suggestions on how to make the pumps more secure.
Last month, the FDA issued a warning to hospitals that use two of the pumps (the LifeCare PCA3 and PCA5), that they could be subject to tampering. Rios insists that all the pumps he tested could be exploited, but the FDA is waiting on verification from Hospira before issuing more statements.
Have something to add to this story? Share it in the comments.