• Advertisement
To advertise, place classifieds free ads by category in a forum as a new topic, or in the classified display ads section, or start a classifieds free blog.

FDA warns of security flaw in Hospira infusion pumps

FDA warns of security flaw in Hospira infusion pumps

Postby smix » Sat Aug 01, 2015 11:29 am

FDA warns of security flaw in Hospira infusion pumps
Reuters

URL: http://www.reuters.com/article/2015/07/ ... GJ20150731
Category: technologyNews
Published: Fri, 31 Jul 2015 21:50:54 GMT

Description: BOSTON (Reuters) - The U.S. Food and Drug Administration on Friday advised hospitals not to use Hospira Inc's Symbiq infusion system, saying a security vulnerability could allow cyber attackers to take remote control of the system. The agency issued the advisory some 10 days after the U.S. Department of Homeland Security warned of the vulnerability in the pump, which is used to deliver medications directly into the bloodstream of patients. The FDA and DHS cited research from independent cyber security expert Billy Rios, who found that remote attacks could be launched on patients by accessing a hospital's network. Both the FDA and DHS said they know of no cases where such an attack has been launched, but the FDA said in its advisory that it strongly encouraged healthcare facilities to stop using the Symbiq infusion pump system and move to other devices. "This (vulnerability) could allow an unauthorized user to control the device and change the dosage the pump delivers, which could lead to over- or under-infusion of critical patient therapies," the FDA said in its warning. It was the first time the FDA has advised healthcare providers to discontinue use of a medical device because of a cyber-security vulnerability. The FDA said Hospira had previously discontinued the manufacture and sales of the Symbiq system for reasons not related to the cyber vulnerability, but that they were still in use and being sold by third parties.
SOFTWARE UPDATE
Hospira said in a notice on its website that it was working with Symbiq customers to deploy a software update that closes access ports to the pump and includes other cyber-security protections. "This option provides our Symbiq customers with another layer of security for the devices while they remain in the market for another few months," the statement said. It said that it was also working with customers of its LifeCare PCA and Plum A+ infusion devices with advice on how to mitigate cyber-security vulnerabilities. FDA spokeswoman Angela Stark said the agency had looked into issues with other Hospira infusion pumps and issued a safety communication on two other Hospira models in May. John Halamka, chief information officer with Boston's Beth Israel Deaconess Medical Center, said that healthcare providers need to secure medical devices by putting them behind firewalls and placing them on private internal networks that are not accessible. He said that ultimately the responsibility for securing devices lies with manufacturers. "They need to re-engineer their devices with security built in," he said.
PUBLIC SAFETY
The FDA's warning came as industry and government regulators are placing unprecedented attention on public safety risks posed by cyber vulnerabilities in products with embedded computers. Fiat Chrysler last week announced the recall of 1.4 million U.S. vehicles to install software to prevent hackers from gaining remote control of the engine, steering and other systems. It was the first auto recall prompted by a cyber vulnerability. Critics have warned in recent years that the government is not moving fast enough to address vulnerabilities in critical infrastructure, including healthcare and transportation. A senior Department of Homeland Security official told Reuters in October that the agency was reviewing about two dozen cases of possible cyber vulnerabilities in medical devices. He did not identify the devices under scrutiny, but people familiar with the agency's work said that they included Hospira pumps. A DHS spokesman on Friday declined to comment on the status of the agency's other investigations into medical devices. Josh Corman, co-founder of the non-profit group I Am The Cavalry, said the unprecedented responses to Hospira and Fiat Chrysler vulnerabilities shows that government and industry can find ways to protect the public from cyber vulnerabilities. "This is very encouraging," said Corman, whose group lobbies to boost security of cars and medical devices. "I love this as an intermediary step while new laws and new regulatory standards are being developed."
User avatar
smix
 
Posts: 2120498
Images: 1
Joined: Sat Aug 10, 2013 8:05 am
Blog: View Blog (0)

  • Similar Topics
    Replies
    Views
    Last post

Return to Medical Instruments, Equipment & Supplies


Mobile Device
  • 1
  • FREE CLASSIFIED ADS
    Free Classified Ads
    There are 3 ways to advertise - your choice: you can place free ads in a forum topic, in the classified display ads section, or you may start your own free blog. Please select the appropriate category and forum for the ad content before you post. Do not spam.
    Caveat emptor - let the buyer beware. Deal at your own risk and peril.
  • Advertisement