Reading:
Smiths Medical confirms drug pump hacking vulnerability
Share:
data breaches identified by

Smiths Medical confirms drug pump hacking vulnerability

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Manufacturer of Medfusion 4000 drug pumps, Smiths Medical, has confirmed their medical devices are vulnerable to cyberattacks and could be hacked into remotely.

Hackers may be able to take control of the device and stop it from working, therefore preventing lifesaving drugs being administered to patients.

The manufacturer supplies its drug pumps to hospitals across the globe. It is not known how many of these devices are in use here in the U.K.

About the devices

Regulators have issued a warning that three models of the drug pumps are affected by the flaw that could leave it vulnerable to hacking. Hackers may therefore be able to remotely take control of the medical device and control how much or how little it dispenses vital drugs.

The electronic devices are supposed to prevent medical errors, allowing doctors and physicians to administer accurate doses of medication more effectively. Vice President of the company’s global product management department, Tommy Johns, praised the reliability of the drug pumps as being “recognised for its accurate medication delivery [to] patients in critical care units, including neonatal and paediatric intensive care”.

With the vulnerable nature of intensive care patients, a small error in the amount of medicine received or the speed of administration could cause serious harm, or even be fatal.

Flaw found by security researcher

The flaw was found by an independent security researcher called Scott Gayou. The company revealed that Gayou purchased one of the devices second-hand and dedicated hundreds of hours in searching for vulnerabilities. Once he managed to hack into the device, he immediately notified the company of his findings so the company could find a way to immediately patch up the vulnerability.

What’s being done about it?

Smiths Medical have been working with various authorities to resolve the vulnerability. New software reportedly won’t be ready until January 2018, so in the meantime, customers are being warned to systematically check and safeguard the devices to ensure the device continues to deliver accurate doses of medicine as necessary.

Warnings to customers

“Please, if you are from a clinic that uses these devices, follow the manufacturer’s recommendations to update the devices. That will drastically reduce your risk”, engineer Todd Carpenter wrote in an email; “Monitor all your manufacturer updates, and keep your devices patched. Whilst this is an expensive part of your operation, it is definitely important.”

Chief technology officer of the company Brett Landrum apologised on behalf of Smiths Medical, but noted it’s “highly unlikely” that anyone will successfully hack into the devices. Another spokeswomen for the company confirmed there have been no reports of any malicious hacking attempts.

Naturally, regulators recognise the increasing trend in vulnerabilities in electronic medical devices that can leave them open for hacking. Thousands of medical devices could reportedly be hacked into, including glucose monitors, insulin pumps, infusion pumps and pacemakers. In fact, a DefCon hacking conference was held earlier in August where security researchers uncovered flaws in hundreds of biomedical devices that left them vulnerable to hacking.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

SRA
Contact
www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon