
Hospira Infusion Systems Vulnerable to Hackers, FDA Warns

Too much or too little medication could be administered

Security flaws could allow an unauthorized user to remotely access some Hospira infusion pumps and interfere with their function — potentially causing overdoses or underinfusion of critical therapies, according to the FDA and the Department of Homeland Security (DHS).

The FDA has posted a safety communication on the vulnerabilities of the Hospira LifeCare PCA3 and PCA5 Infusion Pump Systems. These computerized pumps, designed for the continuous delivery of anesthetic or therapeutic drugs, can be programmed remotely through a health care facility’s Ethernet or wireless network.

The FDA and DHS say an independent researcher has released information about these security vulnerabilities, including software code, which, if exploited, could allow an unauthorized user to interfere with the pump’s operation. With malicious intent, such a user could access the pump remotely and modify the dosage it delivers. Even an attacker with low skills would be able to exploit some of the publicly available vulnerabilities, DHS says.

Hospira argues that while drug libraries, software updates, and pump configurations can be modified, it is not possible to remotely operate the pump; a clinician must be present and manually program a specified dosage.

The DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has been working with Hospira since May 2014 to address the vulnerabilities. Hospira has developed a new version of the system that it says will mitigate the problems. A premarket 510(k) submission of the new system is under FDA review.

The FDA is not aware of any patient adverse events or unauthorized device access related to these vulnerabilities.

The FDA and ICS-CERT say health care facilities can reduce the risk of unauthorized access by implementing these recommendations:

  • Isolate the system from the facility’s Internet and untrusted systems. If the device must be connected to a host network, ensure that the host network is isolated from the Internet.
  • Check for unauthorized changes to the Hospira system and unauthorized network activity.
  • Maintain layered physical and logical security practices.
  • Restrict unauthorized access to the network and networked medical devices.
  • Make certain that appropriate antivirus software and firewalls are up to date and properly configured.
  • Close specific ports on the Hospira systems, including any unused ports.
  • Perform a risk assessment. Examine the organization’s specific clinical use of the system to identify potential impacts of the vulnerabilities, then determine the system’s appropriate connectivity (if any) to the organization’s network or an isolated part of it.

Disconnecting the device will require drug libraries to be updated manually; data that is normally transmitted to MedNet from the device would not be available. If drug-delivery settings are adjusted manually, the FDA recommends verifying the settings prior to starting an infusion.

Customers can access instructions and other risk mitigation measures via Hospira’s Advanced Knowledge Center.

Sources: FDA; May 13, 2015; ICS-CERT; May 13, 2015
