FDA alerts health care facilities to infusion pump cybersecurity vulnerability
The Food and Drug Administration has alerted health care facilities to cybersecurity vulnerabilities with an infusion pump used for continuous delivery of general infusion therapy. According to FDA, Hospira and an independent researcher confirmed that the Symbiq Infusion System could be accessed remotely through a hospital network, which could allow an unauthorized user to control the device and change the dosage the pump delivers. The agency is not aware of any adverse events or unauthorized access of the system in a health care setting, but strongly encourages facilities to transition to alternative infusion systems as soon as possible and consider taking certain steps to reduce the risk of unauthorized system access while transitioning. Hospira has stopped making and distributing the Symbiq Infusion System due to unrelated issues, and is working with customers to transition to alternative systems. In May, FDA issued recommendations to reduce the risk of security vulnerabilities identified in two other computerized infusion pumps made by Hospira.