back to article This hospital drug pump can be hacked over a network – and the US FDA is freaking out

The US Food and Drug Administration has told healthcare providers to stop using older drug infusion pumps made by medical technology outfit Hospira – because they can be easily hacked over a network. "Hospira and an independent researcher confirmed that Hospira’s Symbiq Infusion System could be accessed remotely through a …

  1. Anonymous Coward
    Anonymous Coward

    Already inside the hospital?

    "Exploiting cybersecurity vulnerabilities requires penetrating several layers of network security enforced by the hospital information system, including secure firewalls,"

    If you are inside the network then the ports must be open for the devices to work, and it is not unreasonable to think that a hacker could get inside. VLANs might make it a bit more difficult but not impossible. I can get through things at work with static routes.

    In any case I would have thought the firewall is one layer, not several layers, I smell BS.

    Hospira said in a statement. "These measures serve as the primary defense against tampering with medical devices. The cybersecurity protections on infusion pumps add an additional layer of security and play a critical role in providing safe and effective patient care."

    I'm confused, if you are inside the network what is the primary defense and they have not offered any evidence of cybersecurity (whatever that means) as they left ports open had default usernames and passwords.

    I hope I die from my bad habits rather than bad security on medical devices, but as time passes I think I might have to up my alcohol intake and perhaps take up smoking to avoid the perils of technology curling the beckoning finger of death at me.

    1. Destroy All Monsters Silver badge

      Re: Already inside the hospital?

      "Here lies patient tended by machine X. He died of port 80"

  2. Mark 85

    This is an IoT, right?

    Or at least smells like it. I'm not sure why the device needs to be on the network as they didn't use to be. The nurse changed the meds, reset the pump or programmed it if the first time, and let it run. X-hours later, they came back.. rinse and repeat as it was done on scheduled rounds.

    1. John Brown (no body) Silver badge

      Re: This is an IoT, right?

      ...because it's cheaper for the nurses rounds to be directed by computer to where the next drug dose is about to end rather than possibly arriving early and either having to wait before changing the drugs in the pump or "throwing away" the remaining dose already in the pump. Hospitals are run by bean counters, not doctors.

  3. berserko1

    I saw BlackBerry show this exploit a week or 2 back at their security summit. They were using it as an example of the current reality of IoT. They uploaded some malware (looked like a shell script) ran it changed the LCD to read "dead" and pumped all the fake drugs out of the machine. The video is online for the interested. It was at the end of the show.

    1. Anonymous Coward
      Devil

      Hell, this beats "Aliens Ahead" roadsigns.

    2. Mpeler
      Windows

      LCD modes

      Used to do this (albeit less dangerously) on HP Laserjunk printer displays.....

  4. Anonymous Coward
    Anonymous Coward

    > "a limited number of sites."

    So any number other than "infinity" I guess. So not necessarily small or large.

    Marketing people. I do hate them.

    1. Tomato42
      Trollface

      What do you mean? It is US, Canada and Mexico, just 3, geographically limited regions. It doesn't even include high percentage of world population!

  5. Ole Juul

    including secure firewalls

    Firewall. They just had to get that word in there because it's all good then.

  6. Steve Davies 3 Silver badge
    Big Brother

    Just the tip of the Iceberg folks

    The IOT era will be littered with hundreds if not thousands of similar incidents.

    I for one will not connect any bit of kit in my home unless I know exactly what it is doing AND who it is phoning home to. I will also run my own intrusion tests to detect what ports etc are open.

    Paranoid? Sure but I do not want my Fridge calling the supermarket with an order, my TV seeing that I might be standing stark naked in my front room and telling the world etc etc etc.

    There will be some who are comfortable level of intrusion with this but I'm not and never will be.

    1. Anonymous Coward
      Joke

      Re: Just the tip of the Iceberg folks

      > Paranoid? Sure but I do not want my Fridge calling the supermarket with an order, my TV seeing that I might be standing stark naked in my front room and telling the world etc etc etc.

      And just to be extra sure, don't stand naked in front of the fridge either.

      1. Mpeler
        Pint

        Re: Just the tip of the Iceberg folks

        Yep, then ye won't get any beer...

  7. FelixReg

    firewall does the trick?

    Don't be surprised if your local medical facility is filled with unpatched Win-XP machines and exploitable USB ports.

    They and the firewall are protected by the fact that no one cares enough to exploit them. Not unlike the rest of the world.

  8. jake Silver badge

    Why, exactly, do these things need outside connectivity in the first place?

    If you've ever spent any time in a hospital (or a vet clinic, for that matter!), you'd know that there is always somebody within arm's reach when pushing life&death drugs mechanically.

    Marketards in charge of engineering will undoubtedly be the death of humanity ... and are probably the biggest signal that humanity is an evolutionary dead-end.

    1. Aidan242

      Re: Why, exactly, do these things need outside connectivity in the first place?

      The connectivity idea was to help to prevent dosage errors. Slap a barcode on the drug so that the machine know what it is, and can enforce upper and lower dosage limits. There had been cases where the human setting up previous machines couldn't tell the difference between milligrams and micrograms, and/or where the decimal point was.

      1. a_yank_lurker

        Re: Why, exactly, do these things need outside connectivity in the first place?

        Assuming the information in the database is correct and programming does not have any errors, then it is perfect. The most reasonable assumption is when humans are involved there will be errors. Only are we talking about about a one-off error for one patient or an unknown error that affects many patients.

        1. John Brown (no body) Silver badge

          Re: Why, exactly, do these things need outside connectivity in the first place?

          "Assuming the information in the database is correct and programming does not have any errors, then it is perfect."

          Such as having to prove one is over 18 to buy plastic picnic cutlery from ASDA on the self service tills because...**KNIVES***!!!!!!

          Not quite as potentially lethal as a drug overdose, but KNIVES!!!!! DEATH!!!! MAYHEM!!!

      2. noj

        Re: Why, exactly, do these things need outside connectivity in the first place?

        When you're in a hospital (a real one at least) nearly every thing done to and for a patient is recorded. Bar code matching is critical for making sure the right order got to the right patient but that's only one part of the picture.

        There are many different hospital systems at play here. The doctor places a med order on one system that is destined for a patient registered on a different system who has medical history on an entirely different system. Try to wrap your mind around each specialty, like say radiology, having their own unique system designed to best maintain information on that specialty. All that information needs to be gathered and placed on a central computer so the entire patient picture can be seen in one piece.

        "Things" do not have all that information on a patient; they have to be connected to the same central computer that can match that "Thing's" information to the rest of the patient's information. In doing so there is a cross-check between the a doctor's order and the patient that better insures a correct match. Everyone looks at the nurse and says this keeps him or her from making an error. I look at the nurse as the last line of defense against making an error. The "Thing"/central computer reduces - but does not remove altogether - the nurse's role in insuring the right dosage goes to the right patient. With all the electronics involved, one look at a patient by a good nurse can provide more real time information than all the "Things" we can imagine.

        The industry is working towards cross-checking meds and dosages against patient age and drug allergies, even checking against conflicts between the medications themselves and their side effects. And all that information in one place allows informatics teams to find patterns to better predict and move toward or away from protocols that produce better patient outcomes.

        The direction I do not like in the article is that a central source can be used to actually change dosages or other "Thing" parameters. I'm sure that will come to pass to reduce the number of nurses needed to care for patients but the idea of someone pushing the wrong button for the wrong patient I find scary on a level approaching sci-fi.

        1. PNGuinn
          Facepalm

          Re: Why, exactly, do these things need outside connectivity in the first place?

          @ noj

          Why is my mind running along the lines if the pump issuing a little satisfied sigh everytime it injects a med just not quite like tea...

          The problem with all this is that the nurse - assumed to be a competent caring person - will be tempted to / have to because of the staff cuts required to pay for the technology rely too much on it. Somewhere in the system there will always be PEBCAC. Probably in multiple places. The nurse is often the last line of defense.

  9. NanoMeter

    Wait for IoT to become ordinary and see weird things happen

    like a house possessed by hackers.

    1. FelixReg

      Re: Wait for IoT to become ordinary and see weird things happen

      Guaranteed, someday a sweet girl will be flying in from New York and find the suburban house and street lights far below her showing a moving-dot display of "Beth, will you marry me?"

      And then we'll know all this work we've done to make electronic brains available to every person of every age, in every walk of life, will have been worth it. Yes, worth it, indeed.

  10. Zog_but_not_the_first
    Coat

    Open ports?

    The only ports that should be open in a hospital are, er, never mind.

    Mine's the white one with the stethoscope in the pocket and sporting a badge reading "IoT? Nein Danke".

  11. Anonymous Coward
    Anonymous Coward

    "These measures serve as the primary defense against tampering with medical devices"

    Surely the primary measure should be a secure device!

  12. fearnothing
    FAIL

    "Exploiting cybersecurity vulnerabilities requires penetrating several layers of network security enforced by the hospital information system, including secure firewalls,"

    And as we security pros know, hospitals are renowned for how well locked down and protected their networks are.

    *snerk*

  13. Speltier

    Connectivity

    Another reason for connectivity is to signal failures: blockage, flow below normal, cath fell out, watchdog (somewhat presumes device is designed more or less fail safe (uh...) calling home periodically),...

    One has to wonder what rock the software developers were under when they created this null security device. Prior to the 90's ignorance was bliss outside computer orgs, but after the 90's there is no excuse.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like