The U.S. Food and Drug Administration and Department of Homeland Security have both issued advisories warning hospitals not to use the Hospira infusion system Symbiq because of cyber vulnerabilities. No known attack has occurred, but by accessing a hospital’s network, hackers could theoretically fiddle with the intravenous infusion pump.
“This could allow an unauthorized user to control the device and change the dosage the pump delivers, which could lead to over- or under-infusion of critical patient therapies,” the FDA wrote in a statement.
But it’s not just the Symbiq pump that has security problems. According to a WIRED report last year, security experts who studied on Midwestern medical facility chain over the course of two years found a host of security vulnerabilities. Just a few issues they founded included “Bluetooth-enabled defibrillators that can be manipulated to deliver random shocks to a patient’s heart or prevent a medically needed shock from occurring; X-rays that can be accessed by outsiders lurking on a hospital’s network; temperature settings on refrigerators storing blood and drugs that can be reset, causing spoilage; and digital medical records that can be altered to cause physicians to misdiagnose, prescribe the wrong drugs or administer unwarranted care.”
The retirement of the Symbiq pump may only be the beginning of a landslide of recalls and added security features in the medical field.