Bring An Equalizer to the Fight. Choose a Firm That Was Created to Advocate for Victims.

FDA Warns Medical Device at Risk for Cyberattack

The U.S. Food and Drug Administration (FDA) recently issued a warning for LifeCare PCA3 and PCA5 infusion pumps made by Hospira. According to the agency, the medication delivery systems are susceptible to hacking.

The Hospira LifeCare PCA3 and PCA5 Infusion Pump Systems are computerized infusion pumps that provide the continuous delivery of anesthetic or therapeutic drugs. Because these systems can be programmed remotely through a hospital’s Ethernet or wireless network, the security vulnerabilities are particularly concerning.

According to the FDA’s Safety Communication, "An independent researcher has released information about these vulnerabilities, including software codes, which, if exploited, could allow an unauthorized user to interfere with the pump's functioning. An unauthorized user with malicious intent could access the pump remotely and modify the dosage it delivers, which could lead to over- or under-infusion of critical therapies."

Thankfully, the FDA reports that it is not aware of any security breaches or patient injuries related to the remote-access medical products. However, the agency is working with the Department of Homeland Security and Hospira to closely monitor the situation. The FDA also published a series of steps that health care providers using the infusion pumps should take to reduce the risk of unauthorized access. They include maintaining layered physical and logical security practices for environments operating medical devices and monitoring network activity for unauthorized use.

As we have previously discussed on this San Diego Injury Blog, the FDA is working to strengthen the cybersecurity of medical devices, which can have a number of security vulnerabilities. While pacemakers, defibrillators, and insulin pumps seem like unlikely targets for hackers, a security breach could have drastic consequences. Given the potential threats, the FDA recently advised medical device manufacturers to address cybersecurity as part of the design and development of a product and submit documentation to the agency about the risks identified and controls in place to address them.

If you or someone you love has been seriously injured by a dangerous or defective medical device, don’t hesitate to contacta San Diego product liability attorney at the Law Offices of Robert Vaage for a free consultation.