However, Rios found that the Hospira systems dont use certification for their internal drug libraries.
According to Rios, additional research could reveal other vulnerabilities.
The risk from changing the bumpersthe high and low permissible dosesdoesnt seem to be very high, Wachter says.
Its probably not going to kill someone today.
Anything like this at some point will kill someone.
One way it does this is to merge drug libraries into its pumps.
Such libraries are available for every medication to set parameters for their safe use.
Drug limits, for example, differ for infants, children and adults.
The Hospira pumps also use barcodes to refer the correct drug library.
If a nurse enters the incorrect dosage, the pump is supposed to send an alert.
The updates are processed by a communication module built into each pump.
The pumps also can use their own WiFi connection for communication.
The system also stores usernames and passwords in plaintext.
The reason being that the pumps themselves dont verify whether the system sending them updates is the MedNet system.
source: www.techworm.net
