Certain infusion pumps such as Hospira LifeCare PCA3 and PCA5, used to supply of therapeutic and anesthetic drugs are controlled by software that communicates remotely with controllers and wireless networks. Such systems create a potential security vulnerability of hacking into the device and altering operation. Though so far there have been no reports of unauthorized device access or adverse events related to software-related device malfunction, FDA recently issued several security recommendations to health care facilities as well as end-users. These include closing unused ports, keeping the system disconnected with Internet, limiting network access, and use of administrative controls to detect any unauthorized changes to the code. FDA recommends that remote software-controlled medical device implement layered security practices, good network design practices, and continuous monitoring of traffic passing through firewalls. Safeguards to verify the drug delivery settings before starting an infusion are also recommended. These rules on software are similar to those requiring software to be treated as a standalone or connected medical device, implemented earlier. These additional recommendations provide added FDA guidance on this issue.
Article Source: FDA’s medical devices safety communication page
