Pumps Get IQ Boost Against Hacking

Vendor collaborations help close security gap

In September 2017, Smiths Medical worked with the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) to announce that an independent researcher had found eight vulnerabilities in its Medfusion 4000 wireless syringe infusion pumps. This meant that a skilled hacker could remotely access the pumps, altering their behavior.

Although there were no known exploits by hackers, the company had to take action, releasing an ICS-CERT advisory and a letter to customers alerting them to the potential vulnerabilities, and suggesting temporary fixes like monitoring network activity of the pumps for connections to rogue servers and entering strong passwords. Last December, the company issued a software update to its customers to protect against the vulnerabilities and automatically installed it in all new pumps being shipped.

It’s just one example of how connected devices such as infusion pumps are potentially vulnerable to hackers, and the importance of vendor collaboration to close or at least narrow the security gap. In 2015, security experts demonstrated how to hack into a Hospira pump and start issuing commands during a security meeting sponsored by BlackBerry. At the time, some critics said it was already an older device.

Still, “that was a wake-up call,” said Matt Hutchings, MBIM, the senior director of marketing and innovation at ICU Medical, which acquired Hospira Infusion Systems from Pfizer in February 2017. “There has been a serious industry focus on closing potential cybersecurity threats, showing leadership and certifying equipment to FDA guidance-based standards.”

Read the Full Article