Major medical device maker, Johnson & Johnson, is issuing a warning to diabetic patients regarding their insulin pumps. In a first of its kind warning, it would seem that there is a defect with one of the pumps that would allow for a threat of cyber hacking. This means that theoretically, if someone were looking to be malicious, they could hack a diabetic patient’s pump and potentially overdose a person on insulin.
According to a report from CBS News, the vulnerability lies with one specific pump sold by Animas, one of Johnson & Johnson’s companies. In a statement issued by the medical device maker, they said that in their OneTouch Insulin Pump’s a vulnerability can be found in the “unencrypted radio frequency communication system.” While they did say that the risk is relatively low, it is still a risk.
In order for someone to actually try to hack a diabetic’s pump, it would require not only close physical proximity to the person, but also relatively sophisticated equipment and an expertise in technology, according to Reuters. This stems from the fact that the insulin pump in question does not have an external network and it is not actually connected to the internet.
USA Today reports that the security firm, Rapid 7, are the people who discovered the vulnerability. They determined that it was a possibility that a person could take over one of the pump’s using its communication system, which allows the pump to send both information and commands back and forth between the pump and a remote control that is wireless. Upon discovering this hacking potential, Rapid 7 alerted Johnson & Johnson. The medical device maker then issued a warning to diabetic patients using the insulin pump on October 4.
Although Johnson & Johnson did say that there have not been any instances at this point in which a person’s pump has been hacked, they did issue the warning to alert patients to the risk. It is important to note that the reason behind the warning stems from the fact that if a person were to get a dosage of insulin that was either too low or too high, it could prove fatal as this can sicken a patient and in some instances can even kill a person.
While this particular pump was designed years ago, before security was a priority, Johnson & Johnson is working with the Food and Drug Administration to create guidelines for cybersecurity regarding medical devices. Moving forward, new medical devices, such as insulin pumps, will incorporate a security system of some type in order to prevent this type of risk, no matter how small it may be. For more CDA News, follow our tweets on Twitter and like us on Facebook.
By Dorothea James
Photo Courtesy Johnson & Johnson