The U.S. Food and Drug Administration (FDA) issued a warning to medical facilities on Friday regarding the vulnerability of the Hospira-developed Symbiq Infusion System to cybersecurity risks.
The FDA advisory was released 10 days after officials from the U.S. Department of Homeland Security said that the pump, which is often used to deliver much-needed drugs directly into the patient's bloodstream, is susceptible to hacking that would allow someone to take control of the device remotely.
Both agencies based their warnings on research provided by Billy Rios, an independent cybersecurity expert. Rios discovered that by accessing the network of a medical facility, cyber terrorists could take over the pump system and launch remote attacks on hospital patients.
While both the FDA and the Department of Homeland Security said that they are not aware of any such attacks, the FDA stated in its official advisory that it strongly suggests that medical facilities discontinue using the Symbiq infusion system and switch to other pump-based medicine delivery systems.
The latest FDA advisory is the first instance in which the agency has encouraged healthcare providers to stop using a medical device because of a cybersecurity vulnerability.
The Food and Drug Administration said that Hospira had already stopped the sale and production of the Symbiq infusion system for reasons not connected to its cybersecurity vulnerability. The pump system, however, remained in use in medical facilities and was still being offered by third-party groups.
In its official statement, Hospira said that it is working closely with Symbiq customers to release a new software update that will prevent access to the pumps' ports. The update will also feature new protections against cybersecurity risks.
Hospira explained that this software is designed to provide Symbiq users with another layer of protection for the medical pumps while they remain available in the market for several more months.
The company added that it is also helping users of its Plum A+ and LifeCare PCA infusion devices prevent similar cybersecurity issues.
Angela Stark, spokeswoman for the FDA, said that the agency had examined issues with other Hospira-made infusion pumps and released a safety communication on two more Hospira devices in May.