New Brunswick, N.J.-based Johnson & Johnson identified a low-risk security issue in one of its insulin pumps that could allow hackers to overdose diabetic patients with insulin, reported Reuters.
The pump, called the Animas OneTouch Ping, comes with a wireless remote that patients can use to administer insulin doses. Jay Radcliffe, a diabetic and researcher at the cybersecurity firm Rapid7, found that the communications between the pump and the remote were not encrypted, leaving the device vulnerable to hackers who could mimic those communications to deliver unauthorized doses of insulin.
Mr. Radcliffe reported the device's cybersecurity vulnerabilities to J&J in April. The company's technicians replicated his findings and confirmed that a hacker could command the pump to administer insulin from up to 25 feet away, said Brian Levy, CMO of J&J's diabetes division.
Since these attacks require technical expertise and sophisticated equipment, "the probability of unauthorized access to the OneTouch Ping system is extremely low," the company said in a warning letter to physicians and patients. About 114,000 people use the insulin pump in the U.S. and Canada, according to the report.
If patients are concerned about a hack, they can stop using the wireless remote or program the device to cap the maximum insulin dose it will administer, J&J said.