Security warning over hospital syringe pumps - Syringe pumps used in hospitals around the world have flaws hackers could exploit to change the dosages being delivered to patients.

Security warning over hospital syringe pumps - Syringe pumps used in hospitals around the world have flaws hackers could exploit to change the dosages being delivered to patients.
Security warning over hospital syringe pumps - Syringe pumps used in hospitals around the world h...

Well good job letting all the hackers know.

We use similar electronic pumps where I work. Basically they are connected via wifi to a central server that monitors doses and rates, with enough smarts to prevent overdoses and accidental errors in adjustments that can happen with manual pumps. They have reduced IV errors significantly.

Why do syringe pumps need to have a computer linked control?

I have been in and out of hospitals with family members for the last 10 years are see these pumps which don't need to be internet, wifi, blue tooth or computer linked. Christ sometimes I think manufactures just add this pointless shit in just to bump up the price and make it sound awesome.

How about the lazy ass Doctor walks over and adjusts the dosage accordingly, like they have done for the last 40 years before.

Pumps connected to a central server is not a problem, I can see the benefits. But the internal hospital network that this is part if then needs to be quarantined from the internet. It is necessary for the pump to communicate with a computer at the nurse's station. I don't see added benefit for a pump to communicate with anything outside the hospital.

Edit: I've thought some more about this. The only one who could have a legitimate interest in accessing the pump remotely is the maker - to install software updates or check error messages, say. Still, that opens a potential infection window which as we know is very difficult to deal with. I maintain that extremely sensitive infrastructure like this needs to be quarantined. The things are expensive enough, and an average hospital has large enough numbers of these, to justify a representative to come in and do whatever needs doing locally.

Usually these reports come out after a software patch has been created then only those who don't update are vulnerable, but looks like they aren't issuing a patch till January in this case...

Reckless endangerment?

This was my first thought.

Even when that patch goes online only a fraction of the world's hospitals will install the patch. IT in hospitals is notorious for being slow to upgrade.

Christ sometimes I think manufactures just add this pointless shit in just to bump up the price and make it sound awesome.

Hit the nail on the head.

It's the same thing with medical conglomerates like Kiaser Permanente going all inclusive and "online", and putting all their eggs into this silly bubble with the allusion of more care and control, but really the smallest thing can pop it. And they seem completely clueless and almost brainwashed by this allusion that somehow being networked equals better service and security and beneficial to all when there is little to no improvement.

Picture an intern getting mad because he can't find his index finger pulse reader, completely forgetting that taking your pulse with fingers does the same thing.

Newer doesn't automatically equal better. People should know this shit by now.