There’s an Insulin Pump That Can Be Hacked
Hacking an insulin pump? Turns out, this disturbing possibility is a real threat. Here’s how insulin pumps can be hacked and what’s being done about it.
Recently, Johnson & Johnson issued a statement warning about a potential security issue with its Animas OneTouch Ping Insulin Infusion Pump. A computer security firm found that it would be possible for hackers to hijack the pump through the unencrypted radio frequency system it uses. Strange as it might seem, this isn’t an entirely new thing. Several people have already hacked into their own device in order to change its configurations or just to satisfy curiosity about how it works. Still, the fact that someone with bad intentions could access a person’s pump is enough to cause legitimate concern.
Read More: Is the Wi-Fi Available On Airplanes Safe to Use?
How Do You Hack an Insulin Pump?
Insulin pumps are used to help diabetic people control their blood sugar. These pumps are worn on the body, usually underneath clothes, and deliver insulin through a catheter. Used predominantly by people with Type 1 diabetes, these pumps can receive dosage instructions through a wireless remote. A hacker would have to use a radio frequency monitor to zero in on the particular pump they were targeting. They could then theoretically repeat the command to deliver a dose multiple times, causing the pump to administer dangerous and even fatal levels of insulin. According to the manufacturer of the OneTouch pump, someone would need to be within 25 feet of the pump and would need to possess sophisticated technical equipment to accomplish this.
Should We Worry?
Experts in the healthcare and medical device industries say that while the possibility exists, it is highly unlikely that someone would break into another person’s insulin pump for the purpose of harming them. So far, there are no known incidents of any insulin pumps — or other medical devices — being hacked maliciously. IT security isn’t typically something a doctor or medical device manufacturer would need to understand. In today’s world, however, this knowledge gap between the healthcare industry and the tech it uses creates an unignorable risk.
How Can Medical Device Security be Improved?
Department of Defense hospitals have already addressed the medical device security threat by requiring that all implanted devices must comply with DIACAP (Department of Defense Information Assurance Certification and Accreditation Process), a risk management protocol for information systems. This means that all of their networked devices are subject to mandatory security evaluations. Perhaps civilian hospitals will follow suit in the near future. Going forward, Johnson & Johnson has said that they will incorporate security features into any future devices manufactured under their name. Additionally, the company has been working alongside the FDA to develop guidelines for medical device cybersecurity.