Infusion pumps are some of the most commonly used medical devices and some big hospitals are managing thousands of these devices. A recent study by Palo Alto Networks’ Unit 42, looked at 200,000 infusion pumps manufactured by 7 different companies and being used by multiple hospitals and healthcare organizations that are all using IOT Security to monitor their medical devices.
Researchers found that an alarming number of these devices were highly vulnerable to cyber attacks with 40 known security gaps identified among the devices. Additionnally, 70 types of alert messages received from these devices through the IOT security network where identified as messages related to security issues. Most vulnerabilities identified were leakage of sensitive information and unauthorized access causing the device to become unresponsive.
Half of the devices had not been patched for known critical and highly severe safety vulnerabilities disclosed in 2019
Management of cyber security issues by hospitals or healthcare providers remains questionable as more than half of the infusion pumps analyzed had not been patched for two known vulnerabilities that had been disclosed in 2019 and were ranked “critical ” and “highly severe”. Healthcare providers and hospitals are responsible for the safety of their patients and must make sure their medical devices are patched. Failure to do so is negligence that can cause harm to the patient.
Not every infusion pump manufacturer is the same
Manufacturers also have a responsibility to provide hospitals with safe products. Some pump manufacturers provide ultra safe devices that usually do not require patches while less scrupulous ones are constantly sending patches to fix issues which makes the pumps less safe as many healthcare providers do not patch them.
Read the study here