What does Cyber security and the U.S. Food and Drug Administration (FDA) have in common? In what may be a first for the agency, the FDA has issued a cybersecurity alert to hospitals using computer-controlled pumps to administer drugs to patients.
The FDA warned that the Symbiq Infusion System, manufactured by Hospira, contains vulnerabilities in its software that could allow a hacker to adjust the dosage of a drug. The vulnerabilities were first detected by cybersecurity researcher Billy Rios, and later confirmed by the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team.
The FDA says Hospira is aware of the cybersecurity weaknesses with the Symbiq Infusion System, and has recommended hospitals stop using them and switch to alternative infusion systems. The agency said it was not aware “of any patient adverse events or unauthorized access of a Symbiq Infusion System in a health care setting.”