- Professor writes article defending ‘Asian romantic preference’—and no one is here for it 4 Years Ago
- Ditch Pornhub and support adult content creators instead 4 Years Ago
- Fans grieve Kyoto Animation Studio fire with #PrayforKyoAni 4 Years Ago
- Netflix’s ‘Secret Obsession’ isn’t just terrible—it’s boring as hell Today 3:30 PM
- Instagram expands experiment of hiding likes to 6 more countries Today 3:20 PM
- Man asks woman to stop speaking Spanish on a plane—and bystanders start speaking Spanish Today 12:55 PM
- Schumer calls on FBI, FTC to investigate FaceApp Today 12:41 PM
- Netflix loses subscribers—but hopes some tentpole shows can save it Today 12:10 PM
- Man utterly roasted for saying women can’t ask for equality in revealing clothing Today 12:07 PM
- Instagram struggles to remove photos of Bianca Devins’ dead body Today 11:14 AM
- ‘Storm Area 51’ creator says its gotten so big he’s worried about the FBI Today 10:49 AM
- Everyone loves Q baby, the baby who apparently supports QAnon Today 9:53 AM
- Thread about ‘depression meals’ is inspiring lots of relatable answers Today 9:36 AM
- How long is ‘Avengers: Infinity War’? Today 9:30 AM
- Rand Paul ripped for halting 9/11 Victim Fund re-authorization bill Today 9:18 AM
Hackers could change patients’ medicine dosages with vulnerable device, FDA warns
A hacker could take over someone’s medicine drip.
What’s scarier than having to check into the hospital? Checking into the hospital knowing that the device controlling your medication can be taken over by hackers.
This concern has prompted the U.S. Food and Drug Administration to instruct hospitals and medical workers to stop using a patient-care device because it can be hacked and programmed to administer too much or too little medication, the Associated Press reports.
The FDA and an independent cybersecurity research team discovered a flaw in the Hospira Symbiq Infusion System that could allow an attacker to infiltrate the system remotely through a hospital’s network, gaining complete control of a patient’s dosages. The Hospira Symbiq Infusion System is used by medical workers to program automatic dosages of medicine like painkillers.
“The FDA and Hospira are currently not aware of any patient adverse events.”
The FDA said the devices should be disconnected immediately, and hospitals should monitor all the traffic attempting to connect with the affected product.
“The FDA and Hospira are currently not aware of any patient adverse events or unauthorized access of a Symbiq Infusion System in a health care setting,” the FDA said in a statement.
This is the first time the FDA has ever warned medical practitioners against using a medical product due to the risk of hacking.
The FDA said that while these devices aren’t available for purchase through Hospira, some third-party providers are still selling them. According to the AP, these aren’t the only devices with the flaw; Hospira’s Plum 360 pumps, which launched earlier this year, are also vulnerable to hacking.
Although this is the first time the FDA has warned against a product on cybersecurity grounds, the risks associated with connected devices have existed for years in hospitals that neglect to lock down security of everything ranging from medicine pumps to proper computer passwords.
One 2014 analysis of 100 of hospitals across the Midwest found a troubling pattern: Healthcare facilities were using a number of technologies connected to internal networks or to the Web that could easily be manipulated by hackers, including defibrillators meant to start or stop hearts. Wired described the findings:
A wide cross-section of devices shared a handful of common security holes, including lack of authentication to access or manipulate the equipment; weak passwords or default and hardcoded vendor passwords like “admin” or “1234″; and embedded web servers and administrative interfaces that make it easy to identify and manipulate devices once an attacker finds them on a network.
The FDA’s announcement comes just after Fiat Chrysler recalled 1.4 million cars because of a massive vulnerability that let hackers take control of a vehicle. Researchers could even disable the car while going 70 miles-per-hour on the highway.
Selena Larson is a technology reporter based in San Francisco who writes about the intersection of technology and culture. Her work explores new technologies and the way they impact industries, human behavior, and security and privacy. Since leaving the Daily Dot, she's reported for CNN Money and done technical writing for cybersecurity firm Dragos.