Report: Infusion Pump Cybersecurity an Issue for Device Makers and Users
NEW YORK, Aug. 20, 2015 /PRNewswire/ -- Kalorama Information says that the ground-shaking OPM hack affecting over 20 million Americans and a string of other high-profile hacks in the private sector brought cybersecurity to the public's attention, but it has become even more intimate of an issue for individuals following the FDA's first ever medical device warning for IT vulnerabilities. A July 31 FDA warning communicated that an independent researcher and the manufacturer Hospira had found that the company's Symbiq drug infusion pump could be accessed and controlled by hackers through a hospital's wireless network.
Kalorama Information's report on infusion pumps can be found here:
"The critical role of infusion pumps – intravenously administering pharmaceuticals to patients at correct and accurate dosage rates – drew the attention of cybersecurity experts years ago," said Bruce Carlson, Publisher of Kalorama Information.
The FDA urges healthcare uses to immediately discontinue use of the Symbiq pump already set to be phased out by the end of 2015. Various investigators have already demonstrated the IT vulnerabilities of sensitive devices such as infusion pumps and implantable devices prior to this first-ever FDA warning; however, the warning also comes after years of heightened recall activity and product issues for infusion pumps.
The hacking demonstration of any insulin infusion pump within a 300 meter radius was demonstrated at a conference in 2011. Researchers also demonstrated the hack of an implantable cardiac defibrillator (ICD) in 2008. More recent meetings of cybersecurity conferences such as Black Hat have spared the healthcare industry from their marquee demonstrations, though the industry remains exceptionally vulnerable to hacking. A major protection against such events has been motivation; the hijacking of distributed operational devices has negligible black market value and malicious intent has yet to surface in healthcare settings. Prior to the Symbiq warning, the FDA had issued only a broad warning to the device industry and hospitals to ensure "appropriate safeguards are in place to reduce the risk of [device] failure due to cyberattack". The Department of Homeland Security's (DHS) Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has been arguably the most active government agency with regards to device security, having issued advisories for specific infusion pumps and implantable devices since 2011.
Kalorama analyst Emil Salazar said in a recent blog post that the issue should not affect the overall infusion pump market.
"While competitive balance in the infusion pump market may be shifted by increased regulatory and purchaser attention to device IT vulnerabilities," Salazar said. "Significant adverse effects on the market as a whole are not anticipated as results of the recent FDA warning. The infusion pump market has maintained its trajectory of steady growth through several tumultuous years of recalls."
Frequent recalls in the infusion pump industry may have also prompted the FDA to recently take action with the Hospira Symbiq pump. Reviewed in Kalorama Information's The World Market for Infusion Pumps, 21 companies were affected by recalls for infusion pumps and related equipment between 2003 and 2013. Beginning in 2009, the FDA reported a noticeable increase in the number and severity of infusion pump recalls. A significant portion of the recalls were attributed to faulty device design. The number of adverse events reported to the FDA and uptick in recalls prompted the agency to establish the Infusion Pump Improvement Initiative in 2010. The FDA also took an increased role in the evaluation of infusion devices, including the development of software.
The threat of device hacking remains problematic as remotely controlled, harmful device operation may go unnoticed amid the high volume of adverse events reported for infusion pumps and implantable devices. Device security figures to become a more important parameter for infusion pump development and purchasing decisions in the wake of the FDA warning. Prior to the warning, software integration with manufactured devices was already identified by regulators as a source of problems in infusion pump operation.
Kalorama Information's report, The World Market for Infusion Pumps (Large Volume Pumps, Ambulatory Pumps, Insulin Pumps, Enteral Feeding Pumps, Others) contains market sizes and forecasts for several areas within devices. The report can be obtained at: http://www.kaloramainformation.com/redirect.asp?progid=87739&productid=7961675.
About Kalorama Information
Kalorama Information, a division of MarketResearch.com, supplies the latest in independent medical market research in diagnostics, biotech, pharmaceuticals, medical devices and healthcare; as well as a full range of custom research services. Reports can be purchased through Kalorama's website and are also available on www.marketresearch.com and www.profound.com.
We routinely assist the media with healthcare topics. Follow us on Twitter, LinkedIn and our blog at www.kaloramainformation.com.
To view the original version on PR Newswire, visit:http://www.prnewswire.com/news-releases/report-infusion-pump-cybersecurity-an-issue-for-device-makers-and-users-300130953.html
SOURCE Kalorama Information