Stories
Slash Boxes
Comments

SoylentNews is people

FDA to Hospitals: Ditch Remotely Hackable IV Pumps

posted by cmn32480 on Monday August 10 2015, @04:01AM   Printer-friendly
from the how-about-patient-safety dept.

fliptop writes:

According to Engadget:

The Food and Drug Administration "strongly encourages" hospitals to stop using Hospira's Symbiq Infusion System, because it's vulnerable to cyberattacks that would allow a third party to remotely control dosages delivered via the computerized pumps. Unauthorized users are able to access the Symbiq system through connected hospital networks, according to the FDA and the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team. ICS-CERT reported the vulnerability on July 21st and the FDA released its own safety alert on Friday, July 31st. Thankfully, there are no reported incidences of the Symbiq system being hacked.

Hospira no longer sells the Symbiq system anymore, but it's still available via third-party vendors. Spotted on The Eponymous Pickle.

Original Submission

 
This discussion has been archived. No new comments can be posted.
FDA to Hospitals: Ditch Remotely Hackable IV Pumps | Log In/Create an Account | Top | 8 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Insightful) by VLM on Monday August 10 2015, @11:55AM

    by VLM (445) on Monday August 10 2015, @11:55AM (#220637)

    The way to maximize profits is the long con, get the hospital accountants suckered into depreciating some pump for the usual 25 years or whatever, then release a new internet pump every year coincidentally ending security support for the old pumps so you gotta buy a full set of new pumps annually for "security" reasons.

    Basically the (non-apple) smartphone business model. Don't sell them an android phone, sell them an android phone every year, assuming they want OS and security updates.

    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 2) by LoRdTAW on Monday August 10 2015, @01:58PM

    by LoRdTAW (3755) on Monday August 10 2015, @01:58PM (#220677) Journal

    I doubt it's that diabolical. The yearly security angle is silly since another competitor would undercut them by selling units that dont need yearly upgrades or something. Remember, they aren't the only ones in the game. Someone else will try to out compete them.

    I'm guessing the pump maker had a board meeting to figure out how to make their products "stand out". After calling in a few engineers and flogging them for ideas, someone says something about "seamless", "connected", "networked" and some other buzzwords. Upper management is satisfied and senior engineers then flog juniors into jamming wifi modules, color touch LCD's and other nonsense into something that didn't need it. Then their salesman convinces the hospital bean counters that the new system makes management of patients easier thus cutting down on the number of man hours needed which instantly translates into savings. It's a trickle down effect of needing to stay competitive.

    Some things are better off left disconnected from the internet.