FDA Issues Safety Communication for Medical Device Vulnerabilities
May 17, 2015 in News
On Wednesday, FDA issued a safety communication to help health care facilities protect against security vulnerabilities found in two computerized drug infusion pumps manufactured by Hospira, AHA News reports (AHA News, 5/14).
Last year, news broke that the Department of Homeland Security was investigating possible vulnerabilities in about 24 medical devices, including Hospira’s drug infusion pumps.
Officials said that there had been no documented instances of medical device hacking at the time.
Details of New Guidance
FDA’s most recent communication follows a report from an independent researcher detailing how vulnerabilities with two Hospira pump systems’ security could allow hackers to interfere with their normal functions.
FDA said it is not aware of any instances in which unauthorized access to the pumps has caused adverse events. However it has issued recommendations to reduce the risk of hacking (AHA News, 5/14).
- Following the cybersecurity best practices outlined in FDA’s 2013 cybersecurity guidance; and
- Performing risks assessments of the devices (FDA guidance, 5/13).