The Food and Drug Administration (FDA) has issued a safety alert to users of the Hospira LifeCare PCA3 and PCA5 Infusion Pump Systems to warn of security vulnerabilities with the programmable pumps.
The Hospira LifeCare PCA3 and PCA5 Infusion Pump Systems are computerized infusion pumps designed to continuously deliver anesthetic or therapeutic drugs. They can be programmed remotely through a health care facility’s Ethernet or wireless network. The FDA and Hospira have become aware of security vulnerabilities in the Hospira pump systems. An independent researcher has released information about these vulnerabilities, which, if exploited, could allow an unauthorized user to interfere with the pump’s functioning.
An unauthorized user could access the pump remotely and modify the drug dosage, which could lead to over- or under-infusion of critical medications. In the alert, the FDA said it is not aware of any patient adverse events or unauthorized device access related to these vulnerabilities.
The FDA advises health care facilities to take the steps described below to reduce the risk of unauthorized access. These recommendations come from an advisory from the Department of Homeland Security in the May 13, 2015 Advisory Hospira LifeCare PCA Infusion System Vulnerabilities (Update A).
- Close Port 20/FTP and Port 23/TELNET and any other unused ports on the LifeCare PCA3 and PCA5 Infusion Pump Systems.
- Isolate the LifeCare PCA Infusion Pump System from the Internet and untrusted systems. If the pump must connect to a host network, ensure that the host network is isolated from the Internet.
- Use techniques, such as an MD5 checksum of key files, to identify if there have been any unauthorized changes to the LifeCare PCA Infusion Pump System.
- Maintain layered physical and logical security practices for environments operating medical devices.
- Use good design practices that include network segmentation. Use properly configured firewalls to selectively control and monitor traffic passed among the systems within your organization.
The FDA advises facilities to perform a risk assessment to identify potential vulnerabilities. The facility should determine whether to maintain wireless connectivity between the pumps and an isolated portion of the network, establish hard-wired connection between the system and the facility’s network, or remove the system from the network.
The FDA warns that disconnecting the device will require manual updates of drug libraries and data that is normally transmitted to MedNet from the device will not be available. Manual updates to each pump can be labor intensive and prone to entry error.
Hospira is preparing a letter to customers with risk mitigation strategies to follow. Customers can access the instructions through Hospira’s Advanced Knowledge Center. The FDA recommends that health care facilities follow good cybersecurity practices outlined in the FDA Safety Communication Cybersecurity for Medical Devices and Hospital Networks (June 2013), including restricting unauthorized access to the network and networked devices; keeping antivirus software and firewalls up to date; and monitoring the network for unauthorized use.