Terrorists 'could HIJACK hospital equipment and pump LETHAL doses of drugs into patients'

Hackers could access the system by using poorly-secured public networks

TERRORISTS could hijack hospital equipment used to pump medicine into patients' bodies to deliver lethal doses, officials have warned.

 

Doctors have been told to stop using Hospira's Symbiq blood infusion system because cyber attackers could remotely control it by exploiting poorly-secured public networks.

 

The system is used to pump drugs directly into patients' bodies

A would-be hacker could then potentially change the dose – pumping deadly levels of drugs directly into sick patients' bloodstreams.

The amounts could also be altered to dangerously low levels meaning the critically ill or those in intensive care would not get the enough medicine to keep them alive.

Officials at the US Food and Drug Administration have now urged hospitals to scrap the system after cyber expert Billy Rios discovered the flaw.

 

In a nationwide warning, it said the vulnerability "could allow an unauthorised user to control the device and change the dosage the pump delivers".

It added that such a hack "could lead to over- or under-infusion of critical patient therapies".

No cases have of attacks on the system have yet been recorded, but the FDA is strongly advising hospitals to stop using the Symbiq infusion pump system and move to other devices.

IT experts at Hospira are now working to rush out an emergency update that closes access to the pump.

 

The company said in a statement: "This option provides our Symbiq customers with another layer of security for the devices while they remain in the market for another few months."

Medical technology expert John Halamka urged hospitals to put their devices behind firewalls and on private internal networks.

But he said that ultimately the responsibility for security lies with manufacturers.

He said: "They need to re-engineer their devices with security built in."

It comes just days after Fiat Chrysler was forced to recall 1.4 million vehicles over fears hackers could control the engines remotely.