Insulin Pumps Vulnerable To Hacking: J&J
Johnson & Johnson recently released a statement telling its patients about a security vulnerability in one of its insulin pumps: specifically, that a hacker can exploit it to overdose diabetic patients.
Before you panic: the risk is low, but medical device experts believed that it was the first time that a manufacturer had issued a warning to patients regarding cyber vulnerability, which, as Reuters indicated, is a hot topic in the industry following revelations of possible pacemaker and defibrillator bugs.
However, J&J executives did admit to know knowing actual examples of hacking attacks on their J&J Animas One Touch Ping insulin pump - but in an attempt to be safe, the company is warning customers and already providing advice on how to fix the problem, just in case.
The company addressed doctors around the United States and Canada on Monday, stating that the probability of unauthorized access is low, and that it will require technical expertise. However, Jay Radcliffe, a diabetic researcher with a cyber security firm said he was able to identify ways for a hacker to spoof communications between the remote control and the insulin pump that could force it to deliver unauthorized insulin injections.
Due to communications not being encrypted, hackers can gain access to the device. However, J&J executives are already working on the security issues. Company technicians who were able to replicate Radcliffe's findings also confirmed that overdosing could happen from a distance of up to 25 feet, but ultimately, the OneTouch Ping system is safe and reliable.
If patients are indeed concerned, they could take some steps to prevent such overdosing, including discontinuing the use of a wireless remote control and programming the pump itself to limit maximum insulin doses.
The FDA praised J&J for their work in discovering and finding ways to mitigate their vulnerability, as well as their initiative to disclosing the problem. J&J's Chief Information Security Officer Marene Allison are now working on ensuring that no other company products are vulnerable to the same bugs.