Medical devices manufacturer Johnson & Johnson has warned diabetic patients when using their insulin pump. The company admitted that their Animas OneTouch Ping insulin pump faces a security issue. Apparently, it is vulnerable to attacks from hackers. This is after a security firm revealed the said flaw.
The Hackable Animas OneTouch Ping Insulin Pump
It was the computer security firm Rapid 7 that discovered the problem. Reuters had reported about this first, according to USA Today. Rapid 7 immediately informed Johnson & Johnson.
Hackers can actually hack through the pump's unencrypted radio frequency communication system. They will be able to manipulate the amount of insulin dose. This is because the system aids in sending commands and information via a wireless remote control.
Rapid 7's Senior Security Researcher Jay Radcliffe has described how to hack the system. First, the hacker would have to determine that a person has the said insulin pump. To achieve this, a radio frequency monitor has to be used. Then, the hacker can record a command on how much insulin dosage is delivered.
If the insulin dose is too high or low dose, it can be fatal. However, Johnson & Johnson ensures patients that there's a low risk of danger. They also assured that there are still no instances of hacked insulin pumps.
The company's Chief Information Security Officer Marene Allison said that the hacker has to be within 35 feet of the insulin pump. It will also require ingenious knowledge to succeed the hack. The hacker must also have radio antennas.
Diabetic patients are told not to worry unless a person exerts such efforts to harm another human being.
The Future Of Johnson & Johnson's Insulin Pumps
The USA Today reports that this is the first time a company has taken such action. Radcliffe also praised how Johnson & Johnson has handled the issue. In their defense, he said that the pumps were designed when threats to cybersecurity had not been thought of yet.
Allison disclosed that the company has been working on guidelines regarding medical device cybersecurity. They have been doing that for the past 18 months with the Food and Drug Administration. The company will incorporate security measures in their future insulin delivery pumps.