Hospitals and other healthcare facilities should stop using the Symbiq Infusion System manufactured by Hospira because hackers could gain access to the device and give patients life-threatening overdoses or underdoses of drugs, the US Food and Drug Administration (FDA) announced today.
Hospira has ceased making this line of computerized infusion pumps for unrelated reasons and is switching customers to other pumps, the agency said. “However, due to recent cybersecurity concerns, the FDA strongly encourages healthcare facilities to begin transitioning to alternative infusion systems as soon as possible.”
Neither the FDA nor Hospira is aware of any unauthorized access of these devices in a healthcare setting.
While Hospira no longer sells the Symbiq Infusion System, third parties unrelated to the manufacturer still do. The FDA “strongly discourages” healthcare facilities from buying the device from these third parties.
In May, the FDA issued a safety warning about another kind of computerized Hospira infusion pumps — LifeCare PCA3 and PCA5 — being vulnerable to hackers. However, it advised users on how to protect against unauthorized access rather than recommend they stop using the devices. At that time, the FDA said that it was working with the manufacturer and the Department of Homeland Security to investigate the problem with the LifeCare pumps.
In today’s warning, the FDA said that Homeland Security is aware of the cyber vulnerability of the Hospira Symbiq Infusion System.