They also found that attackers can use the vulnerabilities to remotely kick the pumps offline, as well as adjust specific commands. For instance, they could change its configuration, which will alter infusion rates and change the dosages patients get. CyberMDX told TechCrunch that creating an attack kit is "quite easy," but the actual infiltration process can be pretty complex. It requires multiple steps and, among other things, the knowledge of a particular workstation's IP address. As TC noted, it'll be hard to actually kill a patient using the bugs.

Even so, hospitals are advised to secure their devices by updating their software -- the bugs can only be exploited on older firmware. Especially since the pump is just one of the medical devices that can be hijacked these days. Vulnerabilities in medical equipment have become a big issue lately that the FDA is asking manufacturers to boost their cybersecurity measures and protect products like pacemakers and insulin pumps from cyberattacks.