Wireless syringe pumps used to deliver drugs to patients in hospitals around the world contain flaws which could be vulnerable to hackers, a researcher has found.
Independent security researcher Scott Gayou uncovered eight faults in the Medfusion 4000 Wireless syringe infusion pump, which regulators warn could be “exploited remotely”.
The discovery has led manufacturer Smiths Medical to apologise and roll out a new version of the product in 2018. The US department of homeland security also issued a warning.
The company, part of the UK-based Smiths Group, recommends that users apply safeguards in the meantime, including backing up information and creating complex passwords.
The pumps are used to administer small and accurate drug doses to patients in neonatal intensive care units, adult critical care units, paediatric wards and operating theatres.
Its wireless connectivity means the pump can be reprogrammed remotely.
But Gayou’s findings suggest that the function of the pump could be compromised if its communications system is exploited by a highly skilled attacker.
One of the flaws was found to leave passwords exposed if the pumps are configured to allow external communication.
Smiths Medical sought to allay fears in a statement, and said it is highly unlikely that a “security exploit” would occur in a clinical setting.
It said: “We are preparing a software security update that will be rolled-out by January 2018 to resolve this issue and to protect against the potential of future cyber security exploits.
“The safety of your patients and security of our devices is of paramount importance and remains our unwavering commitment to you.”
