Why Infusion Pumps Are So Easy to Hack

Cybersecurity is causing headaches across the industry as recent FDA guidance ensures that turning a blind eye to vulnerabilities will no longer be tolerated. And while awareness alone is not enough, as MDDI reported in late August, it is a step in the right direction. The latest example of just how widespread cybersecurity issues are in medtech involves a line of infusion pumps from Plymouth, MN-based Smiths Medical. According to the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), independent researcher Scott Gayou has identified eight vulnerabilities in Smiths Medical’s Medfusion 4000 Wireless Syringe Infusion Pump (versions 1.1, 1.5, and 1.6). ICS-CERT noted that Smiths Medical is planning to release a new product version to address these vulnerabilities in January 2018, but in the meantime, patients who use the device should follow certain safeguards, the agency said. Wireless infusion pumps seem to be particularly vulnerable to cybersecurity risks because they use connectivity capabilities to connect the pump to point-of-care medication systems and electronic health records. Earlier this year the National Cybersecurity Center of Excellence (NCCoE) released a draft version of practice guides specific to wireless infusion pumps. According to the NCCoE, wireless infusion pumps can be infected by malware, which can cause them to malfunction or operate differently than intended. And traditional malware protection...
Source: MDDI - Category: Medical Devices Authors: Tags: MD & M Minneapolis Software Pumps Valves Source Type: news