Security Researcher Billy Rios had discussed certain vulnerabilities in a popular drug infusion pump, which hackers can exploit to raise the dosage limit on medication. This would mean that if a caregiver accidentally gave instructions to the pump to give too high or too low a dosage, there would be no alerts from the pump!
Now, Rios has found something that is even worse. A hacker can access the punp system alter the dosage itself! He found that there are some security gaps which can allow a hacker to remotely alter the amount of drugs administered to a patient.Hackers Can Kill Patients by Fatal Overdoses by Hacking into Hospital Drug Infusion Pumps Click To Tweet
These vulnerabilities have been found in five models of drug infusion pumps made by Hospira.
The vulnerable models include the company’s standard PCA LifeCare pumps; its PCA3 LifeCare and PCA5 LifeCare pumps; its Symbiq line of pumps, which Hospira stopped selling in 2013 due to concerns raised by the FDA over other quality and safety issues with the pumps; and its Plum A+ model of pumps. Hospira has at least 325,000 of the latter model alone installed in hospitals worldwide.
Remember the plot from Homeland where the US Vice President’s pacemaker is remotely hacked to kill him? Well, that may not be as far fetched as it had seemed at that time!