Hospira, a manufacturer of drug delivery pumps and medical devices, is the subject of a recent Food and Drug Administration warning about a serious drug pump security risk with one of its products.
The company has stopped producing the Symbiq range of drug delivery pumps, although a number of U.S hospitals are still using the medical devices. This is of major concern to the FDA, which has recently issued an alert about the devices, warning healthcare providers to stop using the pumps and make the transition to other models, or brands, which carry a much lower security risk.
The Symbiq drug pump security risk is highly serious. The devices have a security flaw that could enable a hacker to take control of the equipment, potentially using the devices to access healthcare provider computer networks. However the main cause for concern is that by gaining control of the devices, a criminal would be able to alter the quantity to drugs that are delivered to patients, resulting in an overdose, or underdose, with grave consequences for the patient.
On Friday last week, the FDA issued a warning to all hospitals and healthcare providers about the Symbiq security flaw. While a transition to more secure pumps has been strongly recommended, the FDA did provide some advice that hospitals can take to immediately to reduce the drug pump security risk.
Preventing Hackers from Gaining Access to Symbiq Drug Pumps
It is possible for hackers to gain access to the devices via unused, open ports. The FDA therefore recommends closing all unused ports on the devices, as well as disconnecting the devices to update drug libraries manually. Unfortunately the latter can take a considerable amount of time to complete, and the process is prone to error.
Hospira has responded to the FDA warning, and has issued a statement explaining the steps that the company is taking to help healthcare providers address the problem. A spokesperson for the company explained “We are communicating with customers at the limited number of sites where Symbiq remains in use.” The company is also helping hospitals to update the software on the devices. This will not eliminate the risk, but it will make the devices more secure until replacements can be sourced.
Hospira also pointed out that this security issue affects only the Symbiq range of pumps, and its more recent products have more robust security protections to reduce the risk of hacks, with its latest range of devices – Plum 360 infusion pumps – not possessing the same security flaw.
The hacking of medical devices is a major concern, not only for the potential harm that could be caused to patients, but also for the potential to infiltrate hospital computer networks to gain access to patient health information, Social Security numbers and other sensitive data that can be used to commit fraud and identity theft.
Healthcare providers must keep a close eye on security announcements and warnings, and must be prepared to take prompt action to address device security risks once they are identified.