FDA Urges Hospitals to Discontinue “Hackable” Drug Pump

Disclaimer: Results are not guaranteed*** and may vary from person to person***.

drugThe Food and Drug Administration has issued a MedWatch safety alert urging hospitals to stop using a drug delivery system that has cybersecurity flaws. The statement was delivered on July 31 and regards the “Symbiq Infusion System” produced by pharmaceutical and medical device company Hospira.

The Symbiq Infusion System is a computerized pump used to deliver a pre-set dose of drug infusions at an established rate. Such drug pumps are employed in a variety of different therapy and treatment types in hospitals, outpatient treatments, and nursing homes.

It was recently discovered that the Symbiq device can be accessed through a hospital’s network. An unauthorized individual could take control of the device by use of a fake firmware upgrade that the device uploads and installs, allowing this person to take control. If this happens, patients are at risk of getting too little—or too much—of their medication and the pump’s built-in alerts would fail to trigger.

Although there are no known incidents of this occurring, or of any hospital having their Symbiq system hacked, the risk is significant enough that the FDA has issued its warning.

For its part, Hospira has discontinued making the Symbiq Infusion Systems and is working to help affected hospitals transition to alternative options. In addition, while the Symbiq pump is no longer sold by Hospira directly, the FDA warns that some third-party suppliers may still carry it and that people should be aware if they are intending to make a purchase.

The FDA’s statement also contains some tips for hospitals transitioning off of the Symbiq pumps. Until a replacement pump is acquired, for instance, it is advised that Symbiq models be disconnected from the network and that care should be taken during manual drug updates to avoid user error.

This is the second warning about the Symbiq system that the FDA has issued. The first warning came in early May after a researcher discovered the initial vulnerability, and urged caution as an investigation was performed. The most recent statement comes as a result of an investigation by the FDA and Hospira and has resulted in the formal urging to discontinue the use of the pump.

Sources for Today’s Article:
“Symbiq Infusion System by Hospira: FDA Safety Communication,” U.S. Food and Drug Administration web site, July 31, 2015;https://www.fda.gov/safety/medwatch/safetyinformation/safetyalertsforhumanmedicalproducts/default.htm.