Hackers may be able to hijack intravenous pumps at hospitals. The U.S. Food and Drug Administration warned hospitals against using the Symbiq Infusion System because of a hacking risk.
The Symbiq Infusion System delivers medications intravenously. The dosage is programmed through the hospital network. The FDA said that if the device is hacked, the dosage can be changed, putting patients at risk.
The Department of Homeland Security earlier issued a similar warning about the pump's vulnerability to cyberattack. Billy Rios, a cybersecurity expert, said the pump can be hacked remotely by accessing a hospital network.
"There's no question that these vulnerabilities can be used to kill someone -- we wrote an exploit that would do just that and gave the research to the Department of Homeland Security and the FDA," said Rios, a former Google software engineer.
Meanwhile, the Symbiq manufacturer Hospira has suspended production and distribution of the pump. Hospira said in a statement it is working in close association with hospitals to deploy a software update to all such devices.
"In alignment with Hospira’s cybersecurity roadmap, we’ve designed our next-generation infusion systems with enhanced network security protections in place," the statement said.
In addition to the intravenous pumps, there are several other medical devices, including insulin pumps and pacemakers, that may be vulnerable. Such devices receive data wirelessly or over a hospital's network, a feature that makes them vulnerable to cyberattack.