7/26/2019 Pfizer Written Response to ABC7 Questions

http://slidepdf.com/reader/full/pfizer-written-response-to-abc7-questions 1/2

Questions ABC7 presented to Pfzer ater the company declined an on-camera

interview:

1. When you acquired Hospira, were you aware of the cyber security vulnerabiltiews

in the suite of Hospira infusion pumps?2. What have you done to remedy the security vulnerabilities3. Have there been patches, rmware or software updates?. !he "#$ actually issued advisories about some of these products. What did %&er

do to respond to these warnin's meant for hospitals, medical professionals andconsumers?

(. Who is ultimately responsible for the safety of this equipment?). #oes %&er accept any level or responsibility should one of its medical devices,

*nown to have cyber security vulnerabilities, be hac*ed and intentionally or

unintentionally used to cause harm or death to a patient?+. We understand %&er and subsidiary, Hospira, has discontinued the manufacturin'

of the ymbiq -nfusion ystem. What steps have been ta*en, if any, to protect

health care institutions, who already own these machines, from bein' hac*ed?. Has %&er or any subsidiary of %&er replaced the manufacture of the /ymbiq

-nfusion ystem0 with other systems desi'ned to perform the same tas*s?. $nd if so, what steps have been ta*en to protect those new desi'ns from bein'

hac*ed?1. What steps have been ta*en by %&er or any subsidiaries to adhere to the

recommendations by the "#$, issued in anuary 21), as outlined in the attached

lin*?

http://wwwda!ov/"ews#vents/"ewsroom/PressAnnouncements/ucm$%&'(

%htm

11. -s %&er aware of, or had any complaints relative to any /patient adverse

events0 due to any hac*in' incidents on any machines manufactured by %&er or

any subsidiaries?

Pfzer)s response to the a*ove +uestions:

Cybersecurity in healthcare devices is an important issue that extends beyond infusion pumps. There

have been advisories issued on cybersecurity across the medical device industry. Exploiting

cybersecurity vulnerabilities requires penetrating several layers of network security enforced by the

hospital information system, including secure firewalls. These measures serve as the primary defense

against tampering medical devices. The cybersecurity protections on infusion pumps add an additional

layer of security.

  Supporting safe and effective medication delivery is our priority. There are no known cybersecurity

breaches of ospira devices in a patient or clinical setting, and we have a dedicated team of internal

and third!party cybersecurity experts working to continue to ensure patient safety. ospira has worked

with "CS!CE#T and the $.S. %ood and &rug 'dministration (%&') as we have become aware of

reported vulnerabilities. *hen we have received reports, we+ve worked with customers to further

strengthen device security.

The Symbiq device that had been a part of the cybersecurity discussion is no longer on market. "t was

retired as a result of our -/ decision to focus on new technology. 0ur actions to address cybersecurity

in existing and new technology underscores our commitment in this evolving area.

7/26/2019 Pfizer Written Response to ABC7 Questions

http://slidepdf.com/reader/full/pfizer-written-response-to-abc7-questions 2/2