Infusion pump cybersecurity issues

"We present a DDoS attack that alters the pump's operation, potentially leading to over-infusion or under-infusion of medication. We then assess the implications of these security flaws on patient safety and device reliability" Lu et al (2025).

"We present a DDoS attack that alters the pump's operation, potentially leading to over-infusion or under-infusion of medication. We then assess the implications of these security flaws on patient safety and device reliability" Lu et al (2025).

ReTweet

Infusion pump cybersecurity issues

Abstract:

Open-source medical devices, including syringe infusion pumps, have gained popularity due to their cost-effectiveness and adaptability. However, integrating open-source components, such as their open-source software controlling system, raises significant cybersecurity concerns. This paper investigates cybersecurity vulnerability targeting an open-source medical syringe pump. We present a DDoS attack that alters the pump’s operation, potentially leading to over-infusion or under-infusion of medication. We then assess the implications of these security flaws on patient safety and device reliability. Based on this assessment, we propose mitigation strategies that involve hardware modifications to enhance the device’s resistance to such attacks and change designs for the 3D printing hardware pieces for open electronics. This research highlights the urgent need for security-driven product design, where security considerations guide the healthcare product’s design choices and implementation.

Reference:

Lu W, Colon E, Fitzpatrick J, Hix L, Mead C. Security Driven Product Design for Open-Source Medical Syringe Infusion Pumps. Integr STEM Educ Conf. 2025 Mar;2025. doi: 10.1109/isec64801.2025.11147320. Epub 2025 Sep 8. PMID: 40979617; PMCID: PMC12449792.