- The new ‘Hunger Games’ book paints President Snow as a hero—and people are not happy Tuesday 9:03 PM
- Influencer called out for ‘troubling image’ with Kenyan child Tuesday 8:18 PM
- Professor arrested for spending $185K of grant money on iTunes and strippers Tuesday 7:28 PM
- Man cuts his books in half to make them ‘portable,’ spurs online debate Tuesday 6:09 PM
- Fans defend Lana Del Rey after she was mocked for flying commercial Tuesday 5:10 PM
- Lady Gaga fans find alleged new song name in her website’s code Tuesday 4:42 PM
- Barstool Sports deletes anti-union tweets, blog post in settlement Tuesday 3:47 PM
- The ‘can have … as a treat’ meme has come full circle Tuesday 3:09 PM
- Joe Rogan says he’s voting for Bernie Sanders Tuesday 2:54 PM
- Woman spots mole in man’s TikTok video, saves him from cancer Tuesday 2:17 PM
- ‘You’ star confirms his character is queer and ‘never will be’ straight Tuesday 1:08 PM
- This Twitch streamer pooped his pants during a broadcast Tuesday 12:17 PM
- Apple’s iCloud encryption plan halted amid FBI pressure, report Tuesday 10:57 AM
- Glenn Greenwald charged with cybercrimes in Brazil Tuesday 10:48 AM
- BadBunny rips her fans for not sending her enough money Tuesday 10:06 AM
Hackers could change patients’ medicine dosages with vulnerable device, FDA warns
A hacker could take over someone’s medicine drip.
What’s scarier than having to check into the hospital? Checking into the hospital knowing that the device controlling your medication can be taken over by hackers.
This concern has prompted the U.S. Food and Drug Administration to instruct hospitals and medical workers to stop using a patient-care device because it can be hacked and programmed to administer too much or too little medication, the Associated Press reports.
The FDA and an independent cybersecurity research team discovered a flaw in the Hospira Symbiq Infusion System that could allow an attacker to infiltrate the system remotely through a hospital’s network, gaining complete control of a patient’s dosages. The Hospira Symbiq Infusion System is used by medical workers to program automatic dosages of medicine like painkillers.
“The FDA and Hospira are currently not aware of any patient adverse events.”
The FDA said the devices should be disconnected immediately, and hospitals should monitor all the traffic attempting to connect with the affected product.
“The FDA and Hospira are currently not aware of any patient adverse events or unauthorized access of a Symbiq Infusion System in a health care setting,” the FDA said in a statement.
This is the first time the FDA has ever warned medical practitioners against using a medical product due to the risk of hacking.
The FDA said that while these devices aren’t available for purchase through Hospira, some third-party providers are still selling them. According to the AP, these aren’t the only devices with the flaw; Hospira’s Plum 360 pumps, which launched earlier this year, are also vulnerable to hacking.
Although this is the first time the FDA has warned against a product on cybersecurity grounds, the risks associated with connected devices have existed for years in hospitals that neglect to lock down security of everything ranging from medicine pumps to proper computer passwords.
One 2014 analysis of 100 of hospitals across the Midwest found a troubling pattern: Healthcare facilities were using a number of technologies connected to internal networks or to the Web that could easily be manipulated by hackers, including defibrillators meant to start or stop hearts. Wired described the findings:
A wide cross-section of devices shared a handful of common security holes, including lack of authentication to access or manipulate the equipment; weak passwords or default and hardcoded vendor passwords like “admin” or “1234″; and embedded web servers and administrative interfaces that make it easy to identify and manipulate devices once an attacker finds them on a network.
The FDA’s announcement comes just after Fiat Chrysler recalled 1.4 million cars because of a massive vulnerability that let hackers take control of a vehicle. Researchers could even disable the car while going 70 miles-per-hour on the highway.
Selena Larson is a technology reporter based in San Francisco who writes about the intersection of technology and culture. Her work explores new technologies and the way they impact industries, human behavior, and security and privacy. Since leaving the Daily Dot, she's reported for CNN Money and done technical writing for cybersecurity firm Dragos.