Gair, Gair, Conason, Rubinowitz, Bloom, Hershenhorn, Steigman & Mackauf is a New York Plaintiff's personal injury law firm specializing in automobile accidents, construction accidents, medical malpractice, products liability, police misconduct and all types of New York personal injury litigation.
Published on:

Hospital Negligence or Product Liability? 3 out of 4 infusion pumps vulnerable to cybersecurity threats

Infusion pumps are at risk of cyber attacks75% of infusion pumps used by hospitals and other healthcare providers are at risk of being compromised by hackers and as a result can cause harm to patients or expose sensitive data.

Infusion pumps are some of the most commonly used medical devices and some big hospitals are managing thousands of these devices. A recent study by Palo Alto Networks’ Unit 42, looked at 200,000 infusion pumps manufactured by 7 different companies and being used by multiple hospitals and healthcare organizations that are all using IOT Security to monitor their medical devices.

Researchers found that an alarming number of these devices were highly vulnerable to cyber attacks with 40 known security gaps identified among the devices. Additionnally, 70 types of alert messages received from  these devices through the IOT security network where identified as messages related to security issues.  Most vulnerabilities identified were leakage of sensitive information and unauthorized access causing the device to become unresponsive.

Half of the devices had not been patched for known critical and highly severe safety vulnerabilities disclosed in 2019

Management of cyber security issues by hospitals or healthcare providers remains questionable as more than half of the infusion pumps analyzed had not been patched for two known vulnerabilities that had been disclosed in 2019 and were ranked “critical ” and “highly severe”.   Healthcare providers and hospitals are responsible for the safety of their patients and must make sure their medical devices are patched. Failure to do so is negligence that can cause harm to the patient.

Not every infusion pump manufacturer is the same

Manufacturers also have a responsibility to provide hospitals with safe products.  Some pump manufacturers  provide ultra safe devices that usually do not require patches while less scrupulous ones are constantly sending patches to fix issues which makes the pumps less safe as many healthcare providers do not patch them.

Read the study here