Earlier this month, the FDA posted an alert regarding Hospira’s LifeCare PCA3 and PCA5 infusion pumps. The computerized systems are used to continuously deliver anesthetic or therapeutic drugs and can be programmed remotely over a hospital’s Ethernet or wireless service.
Both Hospira and the FDA learned of certain security vulnerabilities in Hospira’s PCA3 and PCA5 infusion pumps. Apparently, an independent researcher thought it was a good idea to release software codes, among other things, that could possibly let a hacker access the pumps and changed the programmed dosages. This would obviously mean more or less medication than was prescribed, which is very dangerous depending on the diagnosis and the medication. Holy hackers! And we thought is was our bank account passwords that were most at risk.
At the moment, the FDA has not discovered any actual use of the leaked information, nor patients complaining of adverse effects. The FDA is conducting an investigation into the matter, actively working with Hospira and the Department of Homeland Security. When additional information, such as patient risks and steps to protect the devices from hacking, comes available, the FDA will make a public announcement.