Government & Policy

Medical device security vulnerabilities prompt FDA alert

By Government Health IT Staff
May 18, 2015
01:21 PM

The U.S. Food and Drug Administration issued an alert last week recommending that health care facilities take steps to reduce security vulnerabilities in drug infusion pumps made by Hospira.

FDA said information has been publicly released about these vulnerabilities, including software codes, which, if exploited, could allow an unauthorized user to interfere with the pump’s functioning.

“As a result, an unauthorized user with malicious intent could access the pump remotely and modify the dosage it delivers, which could lead to over- or under-infusion of critical therapies,” the FDA alert said.

The alert relates to health care facilities using the Hospira LifeCare PCA3 and PCA5 Infusion Pump Systems. The FDA said facilities can reduce the risk of unauthorized access by implementing the recommendations issued by U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). Those recommendations include closing specific ports on the pumps, isolating the pumps from their Internet connection and untrusted systems, maintaining existing security practices and network segmentation, and performing risk assessment.

The alert followed a notice May 13 from the ICS-CERT warning of the vulnerability. The notice said an improper authorization vulnerability and an insufficient verification of data authenticity vulnerability had been identified in Hospira’s LifeCare PCA Infusion System. The vulnerabilities could allow an attacker to remotely modify LifeCare PCA Infusion pump, alerting medication libraries and pump configuration, ICS-CERT said in its alert.

In November 2014, the FDA published nonbinding guidance recommending best practices for securing medical devices. The guidance was issued after an October 2014 report that the Department of Homeland Security was investigating 24 medical manufacturers, including Hospira, was security flaws in medical devices.

ICS-CERT said Hospira has developed a new version of the LifeCare PCA Infusion System and has stated that this new version will mitigate these vulnerabilities.

Topics: 
Government & Policy

More regional news

HIMSSCast logo

HIMSSCast: Caregiver input needed for allocation of investment dollars

By
Bill Siwicki
November 15, 2024
HHS Building

Trump picks RFK Jr. to lead HHS

By
Susan Morse
November 15, 2024
Sign outside FDA office

Lawmakers ask CDRH to revisit its CDS guidance

By
Andrea Fox
November 15, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Former Georgia Rep. Doug Collins
Trump taps former Rep. Doug Collins to head VA

Most Read

Clinical IT leaders on meeting CMS' mandate for patient data access
Epic and Oracle Health sign on to Veteran Interoperability Pledge
Texas AG settles with clinical genAI company
Interoperability in healthcare moving forward despite challenges
What Loper Bright and the end of Chevron deference mean for HHS
India to harness ABDM data to develop public AI

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

Video

Lee Kim at HIMSS_Global Health Equity Week 2024
AI can be leveraged to improve cybersecurity and health equity
Dr. Keisuke Nakagawa at UC Davis Health_Global Health Equity Week 2024
How artificial intelligence is changing the equation for SDOH integration
Andrea Hsu at National Science and Technology Council_HIMSS24 APAC
Fostering health IT innovation through academic-industrial collaborations
Valerie Rogers at HIMSS_Global Health Equity Week 2024
Technology and policy have a role to play in improving maternal health

More Stories

HIT professional reviews information on a laptop outside a server room
ASPR seeks feedback on public health orgs' cybersecurity needs
Gabriel Jones of Proprio on AI
Artificial intelligence is enabling big advances in surgery
Pharmacist sorting pills
Deploy RFID technologies to streamline controlled substance management
Healthcare workers in a meeting
Prioritizing cost management at U.S. healthcare systems: Keys to better margins
Healthcare worker looking at medical record on tablet with patient in background
Protect your IoMT devices against evolving cyberattacks
Jill Brewer at HIMSS_Healthcare Cybersecurity Forum 2024
What's the weakest link in organizational cybersecurity? Not what you might think
Richard Staynings at the University of Denver_Healthcare Cybersecurity Forum 2024
The challenges of safeguarding healthcare's 'data ocean'
Avihai Sodri of Antidote Health on telemedicine
How virtual-first can improve outcomes and make care more affordable