- Who survived the ‘Game of Thrones’ series finale? Sunday 10:21 PM
- Justin Bieber fans are damaging one of Iceland’s top tourist spots Sunday 1:28 PM
- James Charles drops 41-minute response video to Tati Westbrook’s accusations Sunday 1:15 PM
- Watch what happens when this Twitch streamer quits his job on camera Sunday 12:25 PM
- Men are finally sharing their abortion stories Sunday 10:58 AM
- Netflix’s ‘Maria’ is a trigger-happy B-movie Sunday 9:07 AM
- How to stream Money in the Bank 2019 for free Sunday 9:00 AM
- How to watch ‘Game of Thrones’ season 8, episode 6 for free Sunday 8:00 AM
- These ‘Game of Thrones’ houses are gone forever Sunday 7:54 AM
- The 10 best anime movies on Hulu Sunday 7:00 AM
- Vibe TV puts a premium price tag on piracy Sunday 6:00 AM
- Twitter unites in collective confusion over ‘Democrats for Trump’ trending Saturday 2:28 PM
- YouTube star tweets and deletes video of his Black cousin ‘Peanut’ acting as a stool Saturday 1:04 PM
- The ‘Do you wash your legs in the shower’ debate has now escalated to feet Saturday 12:20 PM
- Trump posts a world-class golf score, and the internet laughs at him Saturday 10:46 AM
Hackers could change patients’ medicine dosages with vulnerable device, FDA warns
A hacker could take over someone’s medicine drip.
What’s scarier than having to check into the hospital? Checking into the hospital knowing that the device controlling your medication can be taken over by hackers.
This concern has prompted the U.S. Food and Drug Administration to instruct hospitals and medical workers to stop using a patient-care device because it can be hacked and programmed to administer too much or too little medication, the Associated Press reports.
The FDA and an independent cybersecurity research team discovered a flaw in the Hospira Symbiq Infusion System that could allow an attacker to infiltrate the system remotely through a hospital’s network, gaining complete control of a patient’s dosages. The Hospira Symbiq Infusion System is used by medical workers to program automatic dosages of medicine like painkillers.
“The FDA and Hospira are currently not aware of any patient adverse events.”
The FDA said the devices should be disconnected immediately, and hospitals should monitor all the traffic attempting to connect with the affected product.
“The FDA and Hospira are currently not aware of any patient adverse events or unauthorized access of a Symbiq Infusion System in a health care setting,” the FDA said in a statement.
This is the first time the FDA has ever warned medical practitioners against using a medical product due to the risk of hacking.
The FDA said that while these devices aren’t available for purchase through Hospira, some third-party providers are still selling them. According to the AP, these aren’t the only devices with the flaw; Hospira’s Plum 360 pumps, which launched earlier this year, are also vulnerable to hacking.
Although this is the first time the FDA has warned against a product on cybersecurity grounds, the risks associated with connected devices have existed for years in hospitals that neglect to lock down security of everything ranging from medicine pumps to proper computer passwords.
One 2014 analysis of 100 of hospitals across the Midwest found a troubling pattern: Healthcare facilities were using a number of technologies connected to internal networks or to the Web that could easily be manipulated by hackers, including defibrillators meant to start or stop hearts. Wired described the findings:
A wide cross-section of devices shared a handful of common security holes, including lack of authentication to access or manipulate the equipment; weak passwords or default and hardcoded vendor passwords like “admin” or “1234″; and embedded web servers and administrative interfaces that make it easy to identify and manipulate devices once an attacker finds them on a network.
The FDA’s announcement comes just after Fiat Chrysler recalled 1.4 million cars because of a massive vulnerability that let hackers take control of a vehicle. Researchers could even disable the car while going 70 miles-per-hour on the highway.
Selena Larson is a technology reporter based in San Francisco who writes about the intersection of technology and culture. Her work explores new technologies and the way they impact industries, human behavior, and security and privacy. Since leaving the Daily Dot, she's reported for CNN Money and done technical writing for cybersecurity firm Dragos.