Medical device cybersecurity: The Internet of Things could kill you

The FDA’s warning last week about a flaw in Hospira‘s (NYSE:HSP) Symbiq drug infusion pump that hackers could exploit to take over the device has cybersecurity experts worried about the rise of the Internet of Things, as more and more medical devices are connected to the web. The federal safety watchdog said the Symbiq pump can potentially be accessed remotely through a hospital’s network, potentially opening the door to unauthorized changes to the dosage delivered by the pump, according to the federal safety watchdog. The flaw was confirmed by Hospira and an independent researcher. Although no adverse events or unauthorized access in a healthcare setting have been reported, according to the FDA and Hospira, the agency encouraged hospitals and facilities to disconnect all Symbiq devices from their networks. Hospira began phasing Symbiq out in May after the FDA warned on cybersecurity vulnerability issues with its remotely-programmed LifeCare PCA3 and PCA5 devices. “There’s no question that these vulnerabilities can be used to kill someone – we wrote an exploit that would do just that and gave the research to the Dept. of Homeland Security and the FDA,” Billy Rios, a former Google software engineer who now works as a security consultant, told the Washington Post. “These devices are actively connected to a hospital’s network – and depending on the set up of a hospital’s network someone might be able to potentially acc...
Source: Mass Device - Category: Medical Equipment Authors: Tags: Food & Drug Administration (FDA) Cybersecurity/Hacking Source Type: news