Abstract
Open-source medical devices, including syringe infusion pumps, have gained popularity due to their cost-effectiveness and adaptability. However, integrating open-source components, such as their open-source software controlling system, raises significant cybersecurity concerns. This paper investigates cybersecurity vulnerability targeting an open-source medical syringe pump. We present a DDoS attack that alters the pump's operation, potentially leading to over-infusion or under-infusion of medication. We then assess the implications of these security flaws on patient safety and device reliability. Based on this assessment, we propose mitigation strategies that involve hardware modifications to enhance the device's resistance to such attacks and change designs for the 3D printing hardware pieces for open electronics. This research highlights the urgent need for security-driven product design, where security considerations guide the healthcare product's design choices and implementation.