Skip to Main Content

Hospira Drug Pump: The Catastrophic Safety and Security Breach on the Horizon

Visiting the hospital for surgery, testing, or simply a check-up can be a difficult time for any individual under the best of circumstances. The primary function of a hospital is to serve as a community promise of security, safety, and healing, but peril and danger can lurk in the most innocent and well-meaning institutions.

Hospira is the world’s leading provider of injectable drugs and infusion based technologies with over 400,000 intravenous drug pumps installed in Texas hospitals and across the world. And at least five models of these drug pumps have been proven to suffer vulnerabilities that could cause catastrophic injuries or even death.

Billy Rios, a security researcher and expert broke the story in Wired and revealed that security flaws within the Hospira pumps enabled hackers or any unauthorized personnel to increase or decrease dosages. The vulnerable models include: the PCA LifeCare pump, the PCA3 LifeCare and PCA5 LifeCare pump, the Symbiq pumps, and the Plum A+ pump of which 325,000 alone are installed in hospitals worldwide. These are the pumps Billy Rio has tested, but he believes that more may be compromised such as the Plum A+3 and the Sapphire and SapphirePlus models.

The secondary issue, and much more dangerous flaw, is that after changes are made to the drug libraries, patient data regarding drug administration, there is no warning system to notify authorized personnel. The hacker can breach the network, change the dosage, and install a new drug library after he/she makes the dosage changes and not leave a digital footprint because the firmware does not require authentication. It’s the safety equivalent of riding in an airplane where the number of engines can change mid-air, the pilot isn’t notified when a mountain happens to pop up in your path, and the control tower believes it’s all going according to plan.

Billy Rios reported his findings to Hospira a year ago regarding the pumps and Hospira responded that the problem was limited to their LifeCare line. Rios purchased and tested a Plum A+ pump and discovered the same firmware flaw. In May, the FDA issued an alert regarding the firmware vulnerability in the LifeCare PCA3 and PCA5 pumps, but made no reference of any other model warnings.

Technology is the driving force behind innovation and the pathway to better science and better heath, but these tools of convenience must be rigorously tested and secured before they are placed in any healing institutions. Dallas, Houston, and Austin have nearly 70 hospitals combined serving 100,000 people every single day. Who monitors the insulin for the diabetic? Who checks the morphine for the injured? Who ensures the chemotherapy is delivered to the patient? The Hospira drug pump will help many people and save many lives over time, but until changes are made, the security frailties of the system will eventually cost someone their life.

If you or a loved one are looking for a personal injury attorney, please contact the experienced attorneys of Zehl & Associates at 1-888-603-3636 or [email protected]. Our clients were awarded the largest accident award in Texas and we understand your complex needs and have all the resources to deliver you the best legal representation