A researcher says he’s found major vulnerabilities in a company’s widely-used drug infusion pumps.

The security researcher Bill Rios claims he’s discovered problems with at least five models of the company Hospira’s infusion pumps that could be manipulated to change the dosage of a drug that a patient is receiving.

Rios says he gave his findings to Hospira last year, though the company said his claims were impossible because the circuit board and communication modules aren’t connected. Rios says he can prove Hofstra is lying, and intends to do so at the Summercon security conference in Brooklyn on July 17.

Last year Rios also gave his findings to the Food and Drug Administration, which issued an alert about the firmware problem in Hospira’s LifeCare PCA3 and PCA5 pumps, but none of the other models. Rios claims at least five of the pump models are vulnerable, and although he hasn’t tested any of Hospira’s other models, he suspects they are all vulnerable.

Hospira has over 400,000 intravenous drug pumps installed in hospitals around the world, according to wired.com. Hospira’s website claims the company “is the leading provider of injectable drugs.”

The problem with the pumps has to do with their communication modules, which are connected to a firmware that could be remotely accessed by hackers. Rios says the firmware connections don’t need to be authenticated or digitally signed to change the pumps’ software, meaning anyone who can access the firmware can alter the pumps.

Zach Winn is the associate web editor of Campus Safety Magazine

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

Related Content