Patients of Diabetic Warned about Fatal Hacking Risk in Insulin Pumps

The flaw of cybersecurity affects the Animas One Touch Ping unit of healthcare companies. The unit launched in the year 2008, has wireless remote control which can be used by the patients to order pump for delivering insulin.

Rapid7 Inc, a cybersecurity firm, has found that communications between pump and the remote control are not encrypted.

Experts of medical device said that it was believed to be first time when a manufacturer issued such warning to the patients regarding cyber vulnerability, which has become a hot subject matter in industry since the last month revelations of possible bugs in defibrillators and pacemakers.

Executives of J&J told the Reuters that they do not know about any attempted hacking attacks incident on device namely, J&J Animas One Touch Ping insulin pump. Nevertheless, the company is warning the customers and giving advice regarding fixing of the problem.

Jay Radcliffe, a security researcher who is diabetic, discovered the flaw and published it in blog on Tuesday. Radcliffe had found ways how a hacker can spoof the communications between One Touch Ping insulin pump and remote control, potentially forcing to deliver the illegal insulin injections.

Scientificamerican.com posted on September 26th, 2016, that "the probability of unauthorized access to the OneTouch Ping system is extremely low" as per the company letters sent to the doctors and around 114,000 patients using the device in Canada and United States on Monday. "In addition, the system has multiple safeguards to protect its integrity and prevent unauthorised action".

According to the first report about the weakness by Reuters, a researcher of cybersecurity brought these risks to attention of J&J in April after founding ways of hacking the device. That allows the company in investigating as well as working with the US regulators and the hacker, the security researcher who has earlier exposed issue with the Medtronic's pump.

J&J said that if the patients are worried, then they can take many steps to spoil potential attacks. That includes discontinuing the wireless remote control use and programming pump to restrict the maximum dose of insulin.

The US Food and Drug Administration told that it does not know about any cases where the hackers exploited the cyber vulnerabilities for harming a patient. It can be understood that device is not broadly used in UK.

» SPAMfighter News - 10/10/2016