A BBC report has revealed that medical devices – namely infusion pumps used to dispense drugs in hospitals – could be vulnerable to cyber attacks. The supplier at the centre of the report is a company called Hospira who are owned by Pfizer.
Hospira have told the BBC that several layers of protection would have to be breached for a malicious attack to occur. However, a claim has been made that software for the pumps could be accessed remotely and medication levels potentially altered.
The basis for the claim made by cybersecurity expert Billy Rios is that security and encryption settings on these devices are outdated and that the software was identical across different devices, making repeated breaches potentially more likely. These claims have been endorsed by Jeremy Richards from Oxtech Security who also highlighted the potential for legitimate user error at source with possible fatal consequences.