FDA: Stop Using Infusion Pump Vulnerable to Hacking

The regulatory agency is strongly encouraging health providers to discontinue use of the Hospira Symbiq infusion system.

Chris Newmarker

Updated August 3, 2015

FDA has issued yet another safety communication over a Hospira infusion system vulnerable to hacking--this time going as far as to advise health providers to stop using the device altogether.

Both Hospira and independent researcher Billy Rios confirmed that the Hospira Symbiq infusion system could be accessed remotely through a hospital's network, allowing unauthorized user to potentially change drug dosages for patients, according to the communication, released Friday.

FDA and Hospira are presently not aware of any unauthorized access of a Symbiq infusion system, or of patients harmed or killed as a result. But FDA is saying: "We strongly encourage that health care facilities transition to alternative infusion systems, and discontinue use of these pumps."

Language from FDA was less strong in May, when the agency warned about hacking concerns around Hospira's LifeCare PCA3 and PCA5 infusion pump systems. At that time, FDA advised health providers to follow recommendations from the U.S. Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team, which included performing a risk assessment to identify potential effects of the identified vulnerabilities.

A Hospira spokesperson declined to say how many Symbiq system are out there. Hospira had previously said it was providing additional cybersecurity protections at the "limited number of sites where Symbiq remains in use."

Hospira last May reported 55,000 LifeCare PCA3 and PCA5 infusion pumps in use around the world. It has more than 400,000 drug pumps installed in hospitals worldwide, according to Wired.

Hospira has stopped making and distributing the Symbiq infusion system, due to unrelated issues that FDA first brought up in 2013. FDA, though, warned that there are still third parties not related to Hospira that are selling the systems. The safety communication "strongly discourages" third-party purchases of the device.

When it comes to infusion pumps, Hospira has been in the process of retiring old pump models and replacing them with new ones. The company has said its next-generation infusion systems have more cybersecurity protections than the older models.

Pfizer is seeking to close a $17 billion acquisition of Hospira by the end of the year.

Chris Newmarker is senior editor of Qmed and MPMN. Follow him on Twitter at @newmarker.

Like what you're reading? Subscribe to our daily e-newsletter.