With new cyber attacks hitting the news every day, it shouldn’t be a surprise when the FDA, the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), and Hospira issued a joint press release warning health care facilities about cybersecurity vulnerabilities associated with medical devices that can be accessed remotely through a hospital’s network.
Based in Lake Forest, Illinois, Hospira, a global pharmaceutical and medical device company, confirmed with an independent researcher that its Symbiq Infusion System, a computerized drug infusion pump, couldn’t protect against an unauthorized user from controlling the device and changing the dosage the pump delivers.
Due to unrelated issues, Hospira has already discontinued the Symbiq Infusion System, however, the product is potentially still available for purchase from third parties not associated with the company.
Health care facilities should discontinue the use of Hospira’s device and use alternative systems as soon as possible, the FDA said.
The FDA said it’s actively investigating the situation and will provide updates when necessary.