Infusion pumps vulnerable to hackers

September 22, 2017
Medicare Web

Cybersecurity vulnerabilities in infusion pumps could allow a hacker to gain access and compromise operation, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) recently announced.

An independent researcher discovered the vulnerabilities in Smiths Medical’s Medfusion 4000 Wireless Syringe Infusion Pump. The vulnerabilities can be exploited remotely, ICS-CERT said. The affected pumps are:

  • Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1
  • Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.5
  • Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.6

Smiths Medical is planning to release a new version to address the vulnerabilities in January 2018. In the meantime, Smiths Medical recommends the following mitigation measures:

  • Assign a static IP address to the pump
  • Follow the strongest password protocols including use of uppercase, lowercase, special characters, and an eight-character minimum
  • Install Medfusion 4000 pumps on network segments that are separated from other infrastructure
  • Monitor network activity for suspicious servers
  • Perform routine backups and evaluations

Organizations are encouraged to examine use of the pump in their specific clinical environment and perform an impact analysis and risk assessment. If suspicious activity is identified, the organization should follow internal procedures and report the findings to ICS-CERT, the agency said.
