Recently, the USDA issued a recall order on six different models of pacemakers, all of which were vulnerable to hacks that would have allowed the hackers to literally kill the patients who relied on them.
This is hardly a new development, and the government has been slow to get involved. The reality is that since the rise of the Internet of Things, security experts have been warning that smart device manufacturers were being grossly irresponsible by not building robust security features into their devices.
Nobody cared, few listened, and the size of the Internet of Things exploded.
Now, we’ve got literally billions of “smart” devices connected to the internet with little or no security, including many medical devices which, if hacked, could cause serious damage, death included.
The most recently discovered unprotected medical device is a syringe infusion pump that’s used by hospitals in acute care settings. Like so many other smart devices, it lacks robust security protocols, and hackers could easily take control of it and use it to deliver a fatal dose of medication to the patient who’s relying on it.
Even worse, it’s not just a matter of lax security. Researchers have found a total of eight critical security failures on the syringe infusion pump alone.
If you or someone you know is using the Medfusion 4000 Wireless Syringe Infusion Pump, made by Smiths Medical, then be aware that it is vulnerable if running versions 1.1, 1.5, or 1.6 of the firmware, and even a moderately skilled hacker could take complete control over it.
This is one of the rare cases where the manufacturer has proved to be somewhat responsive. They’ve indicated that a firmware patch is coming, although it won’t be ready for release until early 2018. Even so, Smiths Medical stands apart from the crowd if for no other reason than they actually seem interested in making their devices more secure. Now we just need to get the rest of the smart device manufacturers to follow their example.