The U.S. Food and Drug Administration (FDA) recently issued a warning for
LifeCare PCA3 and PCA5 infusion pumps made by Hospira. According to the
agency, the medication delivery systems are susceptible to hacking.
The Hospira LifeCare PCA3 and PCA5 Infusion Pump Systems are computerized
infusion pumps that provide the continuous delivery of anesthetic or therapeutic
drugs. Because these systems can be programmed remotely through a hospital’s
Ethernet or wireless network, the security vulnerabilities are particularly
According to the
FDA’s Safety Communication, "An independent researcher has released information about these
vulnerabilities, including software codes, which, if exploited, could
allow an unauthorized user to interfere with the pump's functioning.
An unauthorized user with malicious intent could access the pump remotely
and modify the dosage it delivers, which could lead to over- or under-infusion
of critical therapies."
Thankfully, the FDA reports that it is not aware of any security breaches or
patient injuries related to the remote-access medical products. However, the agency is working with the Department of Homeland Security
and Hospira to closely monitor the situation. The FDA also published a
series of steps that health care providers using the infusion pumps should
take to reduce the risk of unauthorized access. They include maintaining
layered physical and logical security practices for environments operating
medical devices and monitoring network activity for unauthorized use.
As we have previously discussed on this San Diego Injury Blog, the
FDA is working to strengthen the cybersecurity of medical devices, which can have a number of security vulnerabilities. While pacemakers,
defibrillators, and insulin pumps seem like unlikely targets for hackers,
a security breach could have drastic consequences. Given the potential
threats, the FDA recently advised medical device manufacturers to address
cybersecurity as part of the design and development of a product and submit
documentation to the agency about the risks identified and controls in
place to address them.
If you or someone you love has been seriously injured by a dangerous or
defective medical device, don’t hesitate to
contacta San Diego product liability attorney at the Law Offices of Robert Vaage for a free consultation.