Cybersecurity Vulnerabilities of Hospira Symbiq Infusion System: FDA Safety Communication

Press releases may be edited for formatting or style | July 31, 2015

Ensure that unused ports are closed, including Port 20/FTP and Port 23/TELNET.

Monitor and log all network traffic attempting to reach the affected product via Port 20/FTP, Port 23/TELNET and Port 8443. Contact Hospira’s technical support to change the default password used to access Port 8443 or close it.

We repair MRI Coils, RF amplifiers, Gradient Amplifiers and Injectors.

MIT labs, experts in Multi-Vendor component level repair of: MRI Coils, RF amplifiers, Gradient Amplifiers Contrast Media Injectors. System repairs, sub-assembly repairs, component level repairs, refurbish/calibrate. info@mitlabsusa.com/+1 (305) 470-8013

While these infusion pumps are currently not available for purchase through Hospira, the FDA is aware that the Symbiq Infusion System is potentially available for purchase from third parties not associated with Hospira. The FDA strongly discourages the purchase of the Symbiq Infusion System from these parties. The FDA recommends health care facilities follow the good cybersecurity hygiene practices outlined in the FDA Safety Communication Cybersecurity for Medical Devices and Hospital Networks, posted in June 2013.

FDA Activities:

The FDA is actively investigating the situation based on current information. If new information becomes available about patient risks and any additional steps users should take, the FDA will communicate such information publicly.

Reporting Problems to the FDA:

Prompt reporting of adverse events can help the FDA identify and better understand the risks associated with medical devices. If you are experiencing problems with your device, we encourage you to file a voluntary report through MedWatch, the FDA Safety Information and Adverse Event Reporting program.

Health care personnel employed by facilities that are subject to the FDA's user facility reporting requirements should follow the reporting procedures established by their facilities.

Device manufacturers must comply with the Medical Device Reporting (MDR) regulations.

Other Resources:

ICS-CERT communicated these Symbiq cybersecurity concerns in a safety advisory issued on June 23, 2015 and updated on July 21, 2015.

Hospira issued two communications on their website: Reported Symbiq Cybersecurity Vulnerabilities disclaimer icon and Infusion Device Cybersecurity disclaimer icon.

ICS-CERT also references Symbiq Infusion System cybersecurity issues in this safety advisory: ICS-CERT Advisory: Hospira Plum A+ and Symbiq Infusion Systems Vulnerabilities (ICSA-15-161-01).

In June 2013, the FDA published a Safety Communication on Cybersecurity for Medical Devices and Hospital Networks.

Contact Information:

For additional information or questions about the Symbiq Infusion System, contact Hospira’s technical support at 1-800-241-4002.

If you have questions about this communication, please contact the Division of Industry and Consumer Education (DICE) at DICE@FDA.HHS.GOV, 800-638-2041 or 301-796-7100.

Back to HCB News



You Must Be Logged In To Post A Comment Sign In If you've already created an account, use your email address and password to sign in using the form below. Login Problems: Click here if you are having login issues. Email address: Password: Forgot your password? Login Problems? View our Legal Notice and Privacy Notice Register Registration is Free and Easy. Enjoy the benefits of The World's Leading New & Used Medical Equipment Marketplace. Register Now!