All posts from in,

FDA warns of security flaw in Hospira infusion pumps

By Jim Finkle

BOSTON (Reuters) - The U.S. Food and Drug Administration on Friday advised hospitals not to use Hospira (NYSE:HSP) Inc's Symbiq infusion system, saying a security vulnerability could allow cyber attackers to take remote control of the system.

The agency issued the advisory some 10 days after the U.S. Department of Homeland Security warned of the vulnerability in the pump, which is used to deliver medications directly into the bloodstream of patients.

The FDA and DHS cited research from independent cyber security expert Billy Rios, who found that remote attacks could be launched on patients by accessing a hospital's network.

Both the FDA and DHS said they know of no cases where such an attack has been launched, but the FDA said in its advisory that it strongly encouraged healthcare facilities to stop using the Symbiq infusion pump system and move to other devices.

"This (vulnerability) could allow an unauthorized user to control the device and change the dosage the pump delivers, which could lead to over- or under-infusion of critical patient therapies," the FDA said in its warning.

It was the first time the FDA has advised healthcare providers to discontinue use of a medical device because of a cyber-security...