Johnson & Johnson claims that the risk of this happening is quite low, and medical device experts claim that this is the first time such a concern has ever been reported. Cyber vulnerability has become an increasingly hot topic following similar concerns with bugs in pacemakers and defibrillators.
The OneTouch Ping manufacturer claims that so far, they have not received any reports about cyber attacks on their devices. Regardless, Johnson &Johnson is doing their best to warn customers and teach them how to fix the problem for their protection. The company sent letters out to doctors and about 114,000 patients who use the device in the United States and Canada.
CBC reports that the letters said, "The probability of unauthorized access to the OneTouch Ping system is extremely low. It would require technical expertise, sophisticated equipment and proximity to the pump, as the OneTouch Ping system is not connected to the internet or to any external network."
The Animas OneTouch Ping was launched in 2008, and like other insulin pumps, it attaches to a patient's body and supplies them insulin through catheters. The OneTouch Ping also features a wireless remote so patients can dose themselves with insulin without having to access the device itself.
Jay Radcliffe, a diabetic and researcher with cyber security firm Rapid7 Inc, identified the potential for the device to be hacked. The remote control doesn't utilize scrambled or encrypted communications, so a hacker could potentially manipulate this and forge phony communications from the remote to the device. This would result in the device delivering unauthorized doses of insulin. Radcliffe reported these vulnerabilities to Johnson and Johnson in April of 2016, prompting the company to investigate.
Radcliffe believes that the letters sent out by Johnson & Johnson provide adequate advice and following their suggestions will help keep patients safe. "They can give peace of mind to the patient or parent of a child using the device."
Sources: