The FDA yesterday warned hospitals about a security risk with 2 models of Hospira (NYSE:HSP) drug infusion pumps, citing an independent researcher’s discovery of a flaw that could allow hackers to manipulate the devices.
Security researcher Billy Rios found that hackers could upload a new drug library into Hospira’s remotely-programmed LifeCare PCA3 and PCA5 devices, thereby altering their dosage limits, according to Wired magazine. That creates a risk for potentially deadly doses of anesthetic or pain drugs.
Yesterday the FDA said Rios’ discovery "could allow an unauthorized user to interfere with the pump’s functioning."
"An unauthorized user with malicious intent could access the pump remotely and modify the dosage it delivers, which could lead to over- or under-infusion of critical therapies," the agency said, adding that it hasn’t received any related reports of adverse events.
Hospitals using the Hospira pumps should take a series of security measures to isolate the devices from the Internet and untrusted systems, the FDA said, to reduce the risk posed by the pumps.