#SafeHealthIT issue: FDA Urges Hospitals To Stop Using Hackable Medication Pump

The FDA released a safety alert that recommends health care providers stop using a certain medication infusion pump because it is vulnerable to hacking, marking the first time the agency has recommended facilities stop using a device because of cybersecurity concerns, AP/New York Times reports (AP/New York Times, 7/31).

Safety Alert Details

In the alert, the agency warned that Hospira's Symbiq medication pump could be accessed remotely and an attacker could "control the device and change the dosage the pump delivers, which could lead to over- or under-infusion of critical patient therapies."

FDA said that while it does not know of any cases of the device being hacked, it "strongly encourages health care facilities to begin transitioning to alternative infusion systems as soon as possible" (Armstrong, Bloomberg Business, 7/31).

Hospira stopped manufacturing Symbiq in 2013, but FDA says the pumps are still sold by some third parties. Hospira declined to say how many of the devices are still in use (AP/New York Times, 7/31).

Reaction

In a statement, Hospira said its newer pumps have additional cybersecurity protections.

The company also said it is working with providers to deploy a software update for the pump that closes access ports and bolsters cybersecurity protections.

In addition, the company said it is working with customers of its LifeCare pumps to mitigate cybersecurity risks (Finkle, Reuters, 7/31).

In May, FDA and the Department of Homeland Security issued a safety communication about potential vulnerabilities in Hospira's LifeCare PCA3 and PCA5 pumps (iHealthBeat, 5/15).

Source: iHealthBeat, Monday, August 3, 2015

The Usability People work with you on improving the Usability of Healthcare IT.


The Usability People
Together we may save a life! #SafeHealthIT