IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Johnson & Johnson warns that its insulin pump can be hacked

But company says the pump isn't web-connected, so can still be used

Hackers

Johnson & Johnson has contacted hospitals and patients after the company discovered a potentially fatal security vulnerability in one of their insulin pumps.

The pharmaceutical and manufacturing giant delivered a letter to users of the pump, a copy of which Reuters received.

Almost 114,000 patients use the device in the United States and Canada.

Johnson & Johnson discovered that a hacker could potentially manipulate the amount of insulin a patient receives, which could lead to dangerously lowered blood sugar, or life-threatening hypoglycemia.

The vulnerability affects the Animas OneTouch Ping insulin pump, which was launched in 2008. This model is sold with a wireless control allowing patients to remotely operate the pump when insulin is needed.

Speaking to Reuters, Rapid 7 researcher Jay Radcliffe explained he had identified a way for a hacker to manipulate the communications between the remote control and pump, in order to give a higher than normal dose of insulin.

Radcliffe, who is a diabetic, explained to Reuters that the lack of encryption on these communications is the cause of this vulnerability.

In the letter released today, Johnson & Johnson outlined several steps patients can take to prevent potential attacks.

The company recommended that customers should either stop using the remote control device or reprogram the pump manually to limit insulin dosage.

Despite the possible security flaw, Johnson & Johnson believes the device is safe and is urging customers to keep using the product.

As the pump is not connected to the internet and operates with a maximum reach, the company believes a hack would be unlikely.

Its letter stated that: "The probability of unauthorized access to the OneTouch Ping system is extremely low. It would require technical expertise, sophisticated equipment and proximity to the pump..."

So far the Johnson & Johnson Animas OneTouch Ping is the only model identified as having a security flaw.

A Johnson & Johnson spokesperson said: "We are not issuing a recall as we are confident that the Animas OneTouch Ping insulin delivery system is safe and reliable for use. Animas has contacted patients and health care providers about this issue to assure them that the probability of unauthorized access to the One Touch Ping System is extremely low, as it would require technical expertise, sophisticated equipment and proximity to the pump.

"We have also informed patients and health care providers how to enable various pump features for advanced protection should they be concerned."

This article was updated on 5 October to include Johnson & Johnson's statement.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021

Most Popular

Europe's first autonomous petrol station opens in Lisbon
automation

Europe's first autonomous petrol station opens in Lisbon

23 May 2022
Nvidia pauses hiring to help cope with inflation
Careers & training

Nvidia pauses hiring to help cope with inflation

23 May 2022
Windows 11's nifty new search feature has one major downside
Microsoft Windows

Windows 11's nifty new search feature has one major downside

23 May 2022