The fear of being hacked while online via your computer is a real fear that many people have. This fear is warranted as the number of attacks that happen daily are continuing to rise. However, a new fear is in place for many people who utilize a drug infusion pump. These drug infusion pumps are used in a variety of situations in which a person may need constant streams of medication delivered into their systems, or they are in the need of having timely doses of medication. The new fear is that these drug infusion pumps can be hacked and made to deliver lethal doses of medication.
The Threat is Real
A security researcher, Billy Rios, first stated that these pumps had errors in them earlier in the year, as a hacker could hack into these. However, there seemed to be little worry over this. The reason being is that these pumps are designed to warn the patient or caregiver when more medication is being delivered and when these settings have changed.
Now Rios is stating that a hacker could get into these pumps, change the dosage with ease and no one would be the wiser for the change. Rios stated:
“This is the first time we know we can change the dosage.”
How the Pumps can be Hacked
These pumps are hooked into the hospitals’ library of drug information. A hacker who knows what they are doing can easily hack into this systems via the serial cable to the circuit board, gaining access to the firmware. The pumps that are being affected have firmware in place that will take any change or update, even if these are not official. Rios explains:
“And if you can update the firmware on the main board, you can make the pump do whatever you like.”
The drug dosage could be changed, but the screen could also be altered to show no change in the dosage. Meaning that caretakers would be none the wiser for what is going on.
Most of the pumps affected are manufactured by Hospira, a firm that is based in Illinois that has over 400,000 pumps located in hospitals throughout the world. The pump models that have been affected according to the research are:
- PCA3 LifeCare
- PCA5 LifeCare
- Symbiq lines (that were off the market by 2013)
- Plum A+ model ( a very popular model that most hospitals utilize)
Hacking is becoming more in-depth and with all the computer software that medical machines utilize, it makes sense that these machines are becoming more vulnerable to hackers. It is important that manufacturers realize this risk and take the appropriate measures to ensure this does not happen.