Skip to main content

Insulin Pump Hack Takes Technology Threats To A New Level

By October 27, 2016May 25th, 2021Blog, Cybersecurity

insulinxpumpThe risks and dangers associated with the Internet of Things continues to grow. Unfortunately, these days, a hacking attack can actually kill.

Recently, a researcher uncovered a major security flaw in an insulin pump sold by Johnson and Johnson. The Animas OneTouch insulin pump has a WiFi feature that allows a diabetic patient wearing the device to give himself an injection of insulin without ever touching the pump itself.

While convenient, the pump has absolutely no security built into it. Any hacker who gets within twenty-five feet of the device could intercept the signal, review the dosing information which is simply stored as plain text, and change it to whatever value he liked, then issue an order to inject.

The end result is that the hacker could give the patient wearing the pump a potentially lethal dose.

Johnson and Johnson was made aware of the security flaw back in September, but has only just now begun notifying the 114,000 patients currently using the device that there’s an issue. The stated reason for the long delay was that the company wanted to reproduce the hack for themselves to study it.

This is by no means the first hack discovered among the rapidly expanding collection of internet objects, but it bears the distinction of being potentially lethal. No one is likely to die if their smart dishwasher gets hacked, but this takes the threat to a whole different level.

While Johnson and Johnson has published a workaround that should minimize the risks to the patients using their pump, so far, no plans have been announced to add digital security features to the device. This is, unfortunately, representative of a far broader trend.

Manufacturers seem quite eager to make and sell all manner of smart, internet-connected devices, but thus far, have been almost categorically unwilling to build even rudimentary security features into them. Until that changes, we can expect to hear more about exploits that enable even moderately talented hackers to take control of internet objects, and it’s just a matter of time until someone dies as a result.

Jason Manteiga

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.

Leave a Reply