Researcher Finds Hacking Vulnerabilities in Hospital’s Drug Pumps

Security researcher Bill Rios says he’s found major weaknesses in the company Hospira’s drug pumps that could be exploited by hackers and endanger patients.

A researcher says he’s found major vulnerabilities in a company’s widely used drug infusion pumps.

The security researcher Bill Rios claims he’s discovered problems with at least five models of the company Hospira’s infusion pumps that could be manipulated to change the dosage of a drug that a patient is receiving.

Rios says he gave his findings to Hospira last year, though the company said his claims were impossible because the circuit board and communication modules aren’t connected. Rios says he can prove Hospira is lying, and intends to do so at the Summercon security conference in Brooklyn on July 17.

Last year Rios also gave his findings to the Food and Drug Administration, which issued an alert about the firmware problem in Hospira’s LifeCare PCA3 and PCA5 pumps, but none of the other models. Rios claims at least five of the pump models are vulnerable, and although he hasn’t tested any of Hospira’s other models, he suspects they are all vulnerable.

Hospira has over 400,000 intravenous drug pumps installed in hospitals around the world, according to Hospira’s website, which claims the company “is the leading provider of injectable drugs.”

The problem with the pumps has to do with their communication modules, which are connected to firmware that could be remotely accessed by hackers. Rios says the firmware connections don’t need to be authenticated or digitally signed to change the pumps’ software, meaning anyone who can access the firmware can alter the pumps.

Zach Winn is the associate web editor of Campus Safety Magazine


About the Author


Zach Winn is a journalist living in the Boston area. He was previously a reporter for Wicked Local and graduated from Keene State College in 2014, earning a Bachelor’s Degree in journalism and minoring in political science.
