Medical Device Vulnerable to Hacking

By Kim Smiley

The Food and Drug Administration (FDA) made headlines when it issued a warning that a computerized pump used for infusion therapy, the Hospira Symbiq Infusion System, has cybersecurity vulnerabilities. Hacking is scary enough when talking about a laptop, but the stakes are much higher if someone has the ability to alter the dosage of critical medication.

A Cause Map, a visual format for performing root cause analysis, can be used to analyze this issue. The first step in the Cause Mapping process is to fill in an Outline with the basic background information, including how the issue impacts the overall goals. Defining the impacts to the goals helps define the scope of an issue. Once the Outline is completed, one of the impacted goals is used as the starting point for building the Cause Map itself. For example, the potential risk of serious injury or death is an impact to the patient safety goal and would be the first cause box on the Cause Map. The rest of the Cause Map is built by asking “why” questions and documenting the answers in cause boxes to intuitively lay out the cause-and-effect relationships.

So why is there potential for injury or death with the use of the Hospira Symbiq Infusion System?  It is possible for a patient to receive the incorrect dosage of medication because the system could be accessed remotely by an unauthorized user who could theoretically change the settings.  There have been no reported cases where this infusion pump system has been hacked, but both Hospira and an independent researcher have confirmed that it is possible.

This system is vulnerable to hacking because it is designed to communicate with hospital networks and the design has a software bug that could allow it to be accessed remotely via a hospital’s network.  The infusion system was designed to interface with hospital networks to help reduce medication dosage errors because the dosage information wouldn’t need to be entered multiple times.

The final step in the Cause Mapping process is to develop solutions to help reduce the risk of similar errors in the future. In this specific example, the FDA has strongly encouraged healthcare facilities to transition to alternative infusion systems as soon as possible. Hospira discontinued this specific design of infusion system in 2013, reportedly due to unrelated issues, but it is still available for sale by third-party companies and used by many healthcare facilities. There will not be a software patch provided or any other means to make the Hospira Symbiq Infusion System less vulnerable to hacking, so the only option going forward will be to switch to a different infusion system. During the time required to transition to new equipment, the FDA has provided specific steps that can be taken to reduce the risk of unauthorized system access.