by Chris Brook May 5, 2015 , 2:34 pm
One medical device company’s line of drug pumps is so fraught with vulnerabilities that the researcher that discovered the flaws claims the pump is the least secure IP-enabled device he’s ever come across.
Certain versions of Hospira’s Lifecare PCA3 Drug Infusion pumps are susceptible to multiple remotely exploitable vulnerabilities that could not only brick the device, but with a little tweaking, also let attackers change the drug library they’re affiliated with, update the its software, and run commands.
Full Article
Vulnerability-Riddled Drug Pumps Open to Takeover
+54+54Doctors told to stop using kit as open ports put patients at risk
1 Aug 2015 at 00:29, Iain ThomsonThe US Food and Drug Administration has told healthcare providers to stop using older drug infusion pumps made by medical technology outfit Hospira – because they can be easily hacked over a network.
"Hospira and an independent researcher confirmed that Hospira’s Symbiq Infusion System could be accessed remotely through a hospital’s network. This could allow an unauthorized user to control the device and change the dosage the pump delivers, which could lead to over- or under-infusion of critical patient therapies," the FDA said.
Full Article
1 person likes this
The mind boggles at the thought that someone would stoop so low as to hack a piece of life saving equipment like that...but then again, malevolent hackers are the scum of the earth.
Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
The following article is a update:
************************************
Hospitals advised to stop using vulnerable computerized drug pumps
Posted on 03 August 2015.The US Food and Drug Administration has issued a safety communication warning healthcare facilities using the Hospira Symbiq Infusion System - a computerized pump made for delivering infusion therapy - that the device has several critical security vulnerabilities.
"Hospira and an independent researcher confirmed that Hospira’s Symbiq Infusion System could be accessed remotely through a hospital’s network. This could allow an unauthorized user to control the device and change the dosage the pump delivers, which could lead to over- or under-infusion of critical patient therapies," the alert says.
"Hospira has discontinued the manufacture and distribution of the Symbiq Infusion System, due to unrelated issues, and is working with customers to transition to alternative systems. However, due to recent cybersecurity concerns, the FDA strongly encourages health care facilities to begin transitioning to alternative infusion systems as soon as possible." full article
************************************
Hospitals advised to stop using vulnerable computerized drug pumps
Posted on 03 August 2015.The US Food and Drug Administration has issued a safety communication warning healthcare facilities using the Hospira Symbiq Infusion System - a computerized pump made for delivering infusion therapy - that the device has several critical security vulnerabilities.
"Hospira and an independent researcher confirmed that Hospira’s Symbiq Infusion System could be accessed remotely through a hospital’s network. This could allow an unauthorized user to control the device and change the dosage the pump delivers, which could lead to over- or under-infusion of critical patient therapies," the alert says.
"Hospira has discontinued the manufacture and distribution of the Symbiq Infusion System, due to unrelated issues, and is working with customers to transition to alternative systems. However, due to recent cybersecurity concerns, the FDA strongly encourages health care facilities to begin transitioning to alternative infusion systems as soon as possible." full article
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.