Wednesday, 27 May 2015

Hackable Infusion Pumps In Hospitals Around the World... Yikes!

Although hospitals seem like the best place to be if you’re extremely sick, we don’t always realize just how dangerous they can be. Everyone knows that there is a very fine line between a safe dose and a fatal dose of medicine; what is safe for you can be fatal for someone else. Even the smallest mistake in a dosage calculation can lead to a patient’s death, and that's without technology interfering.


It was discovered recently that Hospira infusion pumps can be hacked remotely: the hacker would be able to remotely bump up dosage limits, which could, in time, lead to fatal overdoses. These pumps have been distributed to hospitals all over the world and are being used on patients right now (Zetter).


Hospira claims that their pumps are superior to others in terms of security and safety, but in comparison with other pumps they are sub-par. To be fair, the pumps in question do have some security measures, but nothing that even a rookie hacker can’t break through.  One expert goes so far as to compare them to an iPhone, saying that the phone is more secure (Zetter).  


I think it is unacceptable that these pumps were even allowed to be on the market; this is a major flaw that should have been caught during quality assurance testing. Thankfully there have been no widespread hacking incidents regarding the pumps, but it’s only a matter of time. There are lots of other medical devices that can be hacked, but none so easily as this.


A link to the full article can be found here

Do you think that the flaw in the pump could’ve been caught before they were distributed to hospitals?  How would you react if you or a loved one was hooked up to one of these devices?

2 comments:

  1. Hey Laura, Sonja here,
    This is completely outrageous! I definitely think that this "minor" error could have been caught much, much earlier than the point where it was realized after it was globally distributed. I hope whoever was in charge of security on those pumps gets a stern talking-to, and better yet gets fired. Still, I don't understand how such slips can be made, especially in health sciences, where technology, accurate, precise and secure technology, is extremely important. If someone, especially anyone I would have known, even if only a mild acquaintance, I would be thoroughly outraged. These mistakes should not have been made in the first place, and I probably would have sued the company and/or the distributor for not doing better at their jobs!

  2. Although I do think that it is disturbing that the pumps are easily hackable, I question why the company did this in the first place. After reading your article it said that the pumps were hackable because someone could trick its updating system over the internet, but this asks the question as to who is so lazy to update medical equipment over the internet. I feel that there is a bit of a legal issue at work; I feel like it should be restricted to allow someone to alter the firmware of important equipment like this over the internet. For example, this would theoretically allow someone at that company to distribute whatever they want over the internet to these pumps before anyone could stop them. It would be like if someone in Washington patched a missile silo to fire without telling anyone… They shouldn’t allow direct alteration of the firmware over the internet, and only should allow the delicate updating work in person. This would prevent anyone from installing random things in the pumps and possibly killing people. I do however think that the person who came up with this idea was probably trying to be more cheap than lazy, due to the fact that they were undoubtedly trying to get rid of manual maintenance, and for that they should lose credibility in their marketplaces. The company that made the pumps probably knew they could be theoretically hacked from the start and hoped no one would notice.
