As it turns out that’s exactly what the FDA is worried about and has recently issued a warning to hospitals in the US. The warning is over the use of a drug infusion pump created by medical company Hospira, claiming that the device is apparently susceptible to being hacked. The FDA is now advising hospitals who are still using the system to quickly switch to an alternative system.
According to the FDA, “Hospira and an independent researcher confirmed that Hospira’s Symbiq Infusion System could be accessed remotely through a hospital’s network. This could allow an unauthorized user to control the device and change the dosage the pump delivers, which could lead to over- or under-infusion of critical patient therapies.”
It seems that the reason the systems are susceptible to being hacked is due to the FTP and telnet ports of the system being left open, meaning that they will need to be closed. Some of the systems were even shipped with a default login password which the FDA is advising hospitals to change ASAP.
The vulnerability was discovered by a white-hat hacker by the name of Billy Rios who then reported it to the Department of Homeland Security. Hospira claims that they are working with hospitals to deploy and update that should address both issues.