Wireless syringe pumps used in hospitals could be vulnerable to security breach
The Medfusion 4000 Wireless syringe infusion pump is used in paediatric wards, critical care units and in operating theatres.
Wireless syringe pumps used to deliver drugs to patients in hospitals around the world contain flaws which could be vulnerable to hackers, a researcher has found.
Independent security researcher Scott Gayou uncovered eight faults in the Medfusion 4000 Wireless syringe infusion pump, which regulators warn could be “exploited remotely”.
The company, part of the UK-based Smiths Group, recommends that users apply safeguards in the meantime, including backing up information and creating complex passwords.
The pumps are used to administer small and accurate drug doses to patients in neonatal intensive care units, adult critical care units, paediatric wards and operating theatres.
Its wireless connectivity means the pump can be reprogrammed remotely.
One of the flaws was found to leave passwords exposed if the pumps are configured to allow external communication.
Smiths Medical sought to allay fears in a statement, and said it is highly unlikely that a “security exploit” would occur in a clinical setting.
It said: “We are preparing a software security update that will be rolled-out by January 2018 to resolve this issue and to protect against the potential of future cyber security exploits.
“The safety of your patients and security of our devices is of paramount importance and remains our unwavering commitment to you.”
