Insulin Pumps Are Vulnerable to Hacking

By George Khoury, Esq. on October 05, 2016 | Last updated on March 21, 2019

News broke Tuesday morning that J&J's Animas OneTouch Ping insulin pump has security vulnerabilities that a hacker could exploit. There are currently no reported cases where a hacker has maliciously taken control over a person's insulin pump, however the manufacturer wanted users to be aware of the risk.

Granted, the likelihood that a hacker would want to take control over a person's insulin pump is extraordinarily low, but it is still not beyond belief that some malicious person would attempt to do so. The device allows users to easily have insulin injected into their bloodstream, which means that a hacker could force the device to give multiple doses of insulin, which could potentially trigger a fatal event.

Is Someone Really Going to Hack an Insulin Pump?

While the risk seems very low that a hacker would spend the time and energy in order to hack an insulin pump, still, the risk is there. J&J explained that a hacker would actually have to be within 25 feet of the device as it is not connected to the internet or any other wireless network. Shockingly though, it was revealed that the device does not encrypt the messages sent from the wireless remote to the device, which is where the device is most vulnerable.

Additionally, people that use this insulin pump can be targeted if a hacker knows that the person uses the devices. Sending a diabetic into hypoglycemic shock while they are driving or doing other activities where a loss of consciousness could have a deadly outcome is likely to be the biggest concern for users of the device.

What Should You Do If You Use a J&J Insulin Pump?

J&J warns that if you use one of their Animas OneTouch Ping pumps, the risk of being hacked is very low. However, they do advise that people who are concerned can stop using the wireless remote feature and disable the wireless capabilities. Alternatively, the manufacturer recommends setting a maximum dosage so that if the device is hacked, the device will not be able to send the user into a life threatening situation.

Related Resources:

Copied to clipboard