Skip to navigationSkip to content

US officials warn that medical devices are vulnerable to hackers

Reuters/Robert Galbraith
Cybersecurity researcher Billy Rios searches for flaws in medical equipment.
  • Hanna Kozlowska
By Hanna Kozlowska

Investigative reporter

Published This article is more than 2 years old.

In today’s hyper-connected world, hackers can remotely disable your car, play around with traffic lights, and change the target of a sniper rifle. Now we can add this to the list of terrifying hacks: the US government has found vulnerabilities in the infusion devices that hospitals use to administer intravenous drugs, which could enable hackers to change the dosage of critical medicines.

Two federal agencies are warning hospitals not to use the Symbiq drug infusion pump made by Hospira, due to “cybersecurity vulnerabilities.” A warning from the Food and Drug Administration (FDA) on Friday said that while this has not yet happened, an independent researcher confirmed that the pump can be accessed through a hospital’s network, enabling a hacker to change dosages and other settings.

The FDA asked hospitals to disconnect the devices, which are no longer being sold directly by Hospira but are widely available through third-party vendors. The US Department of Homeland Security issued a similar statement last month, and both agencies cautioned about vulnerabilities in other pumps made by Hospira earlier this year. The medical device maker promised to spend up to $350 million to phase out its Symbiq, GemStar, and Plum brand pumps, among others, over the next two to three years.

 

📬 Kick off each morning with coffee and the Daily Brief (BYO coffee).

By providing your email, you agree to the Quartz Privacy Policy.