Cybersecurity And Medical Devices: FDA, Dept. Of Homeland Security Warn Hospital Equipment Vulnerable To Hackers
Hackers can and will penetrate just about anything, and many are worried their next target will be widely used medical devices. A warning issued by the Food and Drug Administration, along with the Department of Homeland Security is telling hospitals and other health care facilities to stop using Hospira’s Symbiq Infusion System, an infusion pump used to deliver nutrients and medications to a patient intravenously.
The report states that Hospira, along with an independent researcher, has found that the Symbiq Infusion System is vulnerable to external influence because of its ability to be accessed outside of the hospital’s network. “This could allow an unauthorized user to control the device and change the dosage the pump delivers, which could lead to over- or under- infusion of critical patient therapies,” the report stated. This could have unprecedented impacts to a patient’s health, especially for more sensitive medications.
The FDA also says that Hospira has since discontinued the Sympiq Infusion System, but cautions that it may be possible to obtain the device from a third-party retailer. They strongly suggest that for the time being hospitals use other forms of infusion pumps to avoid a possible security breach. As of now, neither the FDA nor the Department of Homeland Security is aware of any instances of hacking that have occurred to manipulate the system, but they continue to investigate the problem.
Unfortunately, this is not the first instance of cybersecurity vulnerability for widely used medical equipment. WIRED says a variety of infusion pumps are not password protected, although they can be accessed remotely, and if they do have a password it is often weak and universal to all customers. Also, ICDs, or implantable cardiovascular defibrillators used for patients in cardiac arrest are sometimes operated by Bluetooth technology, which controls when a patient is delivered a shock. These devices are implanted within patients after surgery, and also have weak passwords equivalent to an iPhone PIN. Because of this, hackers could potentially deliver unnecessary shocks to a patient’s heart, putting their life at risk.
On top of this, hospital refrigerators could be manipulated, spoiling blood or medications that need to be stored at certain temperatures. Digital records now commonly used to keep patients’ records can also be tampered with, and X-ray results can easily be accessed.
How often these types of breaches actually occur is hard to tell, but it’s safe to say that hospital technology must be updated to ensure they cannot be so easily controlled.