In April, a security researcher disclosed a litany of severe vulnerabilities in the PCA3 drug-infusion pump. As it turns out, those same vulnerabilities exist in many of Hospira s other pumps. In May 2014, researcher Billy Rios notified the Department of Homeland Security that he had discovered the same vulnerabilities. Nothing ever came of Rios’s private disclosure and no patches have been published for the vulnerabilities at this point. Rios said that, given all of the media attention that the previous disclosure of vulnerabilities in Hospira pumps, it’s unrealistic to think the company didn’t know about bugs in its other products.
Source: https://threatpost.com/many-drug-pumps-open-to-variety-of-security-flaws/113202/