Johnson & Johnson is warning diabetic patients about a security vulnerability in one of its insulin pumps that hackers could exploit to deliver an insulin overdose. It is the first time a manufacturer has issued such a cyber vulnerability warning, an issue that has drawn growing attention following revelations last month about possible hacks of pacemakers and defibrillators.
Executives at J&J told Reuters that there are no reported hacks of the OneTouch Ping insulin pump, but the company is nonetheless providing users of the device with advice on how to fix the potential problem.
“The probability of unauthorized access to the OneTouch Ping system is extremely low,” the company informed doctors and about 114,000 patients who use the device across North America. “It would require technical expertise, sophisticated equipment, and proximity to the pump, as the OneTouch Ping system is not connected to the internet or to any external network.”
Insulin pumps are medical devices that patients attach to their bodies and that inject insulin through catheters. The Animas OneTouch Ping, which attaches to the patient's body and delivers insulin through catheters, was launched in 2008 and features a wireless remote control that patients use to deliver insulin.
Jay Radcliffe, a diabetic and a researcher with cyber security firm Rapid7 Inc, has identified how hackers can access the remote control and potentially deliver an unauthorized dose of insulin.
The vulnerability exists because the device is not encrypted, or scrambled, Radcliffe noted. J&J executives said they partnered with Radcliffe to address the security problem.
J&J said anyone who is concerned can take several steps to protect themselves against such potential attacks. These steps include discontinuing use of the wireless remote control and programming the pump to limit the maximum insulin dose.