Categories: Security

There’s an Insulin Pump That Can Be Hacked

Recently, Johnson & Johnson issued a statement warning about a potential security issue with its Animas OneTouch Ping Insulin Infusion Pump. A computer security firm found that it would be possible for hackers to hijack the pump through the unencrypted radio frequency system it uses. Strange as it might seem, this isn’t an entirely new thing. Several people have already hacked into their own device in order to change its configurations or just to satisfy curiosity about how it works. Still, the fact that someone with bad intentions could access a person’s pump is enough to cause legitimate concern.

Read More: Is the Wi-Fi Available On Airplanes Safe to Use?

How Do You Hack an Insulin Pump?
Insulin pumps are used to help diabetic people control their blood sugar. These pumps are worn on the body, usually underneath clothes, and deliver insulin through a catheter. Used predominantly by people with Type 1 diabetes, these pumps can receive dosage instructions through a wireless remote. A hacker would have to use a radio frequency monitor to zero in on the particular pump they were targeting. They could then theoretically repeat the command to deliver a dose multiple times, causing the pump to administer dangerous and even fatal levels of insulin. According to the manufacturer of the OneTouch pump, someone would need to be within 25 feet of the pump and would need to possess sophisticated technical equipment to accomplish this.

Should We Worry?
Experts in the healthcare and medical device industries say that while the possibility exists, it is highly unlikely that someone would break into another person’s insulin pump for the purpose of harming them. So far, there are no known incidents of any insulin pumps — or other medical devices — being hacked maliciously. IT security isn’t typically something a doctor or medical device manufacturer would need to understand. In today’s world, however, this knowledge gap between the healthcare industry and the tech it uses creates an unignorable risk.

How Can Medical Device Security be Improved?
Department of Defense hospitals have already addressed the medical device security threat by requiring that all implanted devices must comply with DIACAP (Department of Defense Information Assurance Certification and Accreditation Process), a risk management protocol for information systems. This means that all of their networked devices are subject to mandatory security evaluations. Perhaps civilian hospitals will follow suit in the near future. Going forward, Johnson & Johnson has said that they will incorporate security features into any future devices manufactured under their name. Additionally, the company has been working alongside the FDA to develop guidelines for medical device cybersecurity.

PSafe Newsroom

The dfndr blog is an informative channel that presents exclusive content on security and privacy in the mobile and business world, with tips to keep users protected. Populated by a select group of expert reporters, the channel has a partnership with dfndr lab's security team. Together they bring you, first-notice news about attacks, scams, internet vulnerabilities, malware and everything affecting cybersecurity.

Recent Posts

Vulnerabilities in Cyber Security: what they are and how to fix them?

Learn all about one of the hackers' favorite breach method and keep your company safe…

1 year ago

3 ways to recover deleted photos on Android

Have you ever wondered how to recover deleted photos on Android? After all, the lack…

1 year ago

What is worm?

Digital worms are among the most serious threats in the wild kingdom of the Internet.

2 years ago

Spoofing: What’s it all about?

Spoofing is a fairly sophisticated virtual scam that can fool even the most cautious and…

2 years ago

Careful With That QR Code! Five Steps For QR Code Safety

Five Steps to Reduce QR Code Risk! Step one? Read this article…

2 years ago

Pharming: Phishing’s Nasty Big Brother

Pharming is creating a new, dangerous brand of impostor syndrome. Check how to avoid pharming…

2 years ago