The Food and Drug Administration "strongly encourages" hospitals to stop using Hospira's Symbiq Infusion System, because it's vulnerable to cyberattacks that would allow a third party to remotely control dosages delivered via the computerized pumps. Unauthorized users are able to access the Symbiq system through connected hospital networks, according to the FDA and the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team. ICS-CERT reported the vulnerability on July 21st and the FDA released its own safety alert on Friday, July 31st. Thankfully, there are no reported incidences of the Symbiq system being hacked.
Hospira does not sell the Symbiq system anymore, but it's still available for purchase from some third-party retailers and the FDA warns against buying it. The network vulnerability would "allow an unauthorized user to control the device and change the dosage the pump delivers, which could lead to over- or under-infusion of critical patient therapies," the organization says.
This safety alert marks the FDA's entrance into cybersecurity territory. Recently, corporate giants GM, Fiat Chrysler, Anthem insurance and United Airlines (to name a few) have faced reported hacks. Last month, the US Office of Personnel Management was the subject of a cyberattack that put the social security information of 21.5 million Americans at risk. Welcome to the digital age.