Homicide No Longer Requires Proximity
Although computerized hospital pumps are widely known to be beneficial for mitigating dosage errors, news of hackable hospital pumps came to public attention a few months ago when security researcher Billy Rios discovered a pump that doesn’t use authentication for its drug library – thus enabling a hacker to load a different library into the device, which in theory could lead to a deadly dose being delivered. But new findings by Rios indicate that hackers may now themselves be able to remotely administer a deadly dose of a drug to a patient.
According to Rios’s findings, a hacker could alter – from within the hospital computer network or even over the Internet – the allowable upper dosage limit to give either too low or too high a dose. Doctors or nurses could then accidentally set the machine to give too high or low a dose without the machine issuing an alert.
When the story initially broke, this alteration of dosage limits was not considered to be such a severe vulnerability as if the hacker could himself set the dosage amount (remotely). However, now Rios has found a new vulnerability that would allow hackers to remotely set the dosage amount by altering the firmware to gain total device control.
Coupling the previously known ability to change the drug library data with the newly found ability to remotely set the amount of the dose, a hacker can now potentially deliver a lethal dose of medication.
Pervasiveness of the Problem
How widespread the vulnerabilities are is yet unknown, but with estimates limited to just the one manufacturer whose pumps Rios discovered these vulnerabilities in, close to half a million intravenous medicine pumps globally could be affected.
Naïvety or Denial?
When Rios initially notified the company making the pumps in question, that its pumps could have their firmware changed by hackers, the company insisted that the pumps are safe because of partitioning between the comms module and motherboard. Rios found that, while the physical partition does exist, a serial cable connects the two components “in a way that you can actually change the core software on the pump.”
As the company uses this same approach for remotely delivering firmware updates to its computerized pumps, it is unclear as to why any computerized-equipment maker would be so skeptical of their own methods being used by hackers. Regardless, while the company works on a proof-of-concept that their devices have no vulnerabilities, Rios is working on his own proof-of-concept to the contrary, which he plans to share during the 2015 SummmerCon security conference in Brooklyn.
“You can talk to that communication module over the network or over a wireless network,” Rios told Wired (read the full Wired report here).