Johnson & Johnson is warning patients that it has learned of a security vulnerability in one of its insulin pumps that a hacker could exploit to overdose diabetics with insulin. According to a Reuters news report, the company is saying that the risk of this happening is “low.” But it could happen. This is apparently the first time a manufacturer has issued such a warning to patients about a cyber vulnerability, a hot topic in the industry after information last month about possible bugs in pacemakers and defibrillators.
J & J executives say they have no knowledge of attempted hacking attacks on the Animas OneTouch Ping insulin pump models, which are the ones they’ve issued the warning about. The company is warning customers and providing advice on how to fix the problem. They have sent about 114,000 patients as well as doctors in the U.S. and Canada. J&J says hacking into the insulin pumps would require technical expertise, sophisticated equipment and proximity to the pump because the pump itself is not connected to the Internet or to any external network.
Unauthorized Insulin Injections
What is really scary about this issue is that there are ways for a hacker to simply spoof communications between the remote control and the OneTouch Ping insulin pump, potentially forcing it to deliver unauthorized insulin injections. The insulin pumps are medical devices that patients attack to their bodies. The pumps inject insulin through catheters. The system is vulnerable because those communications are not encrypted or scrambled to prevent hackers from gaining access to the device. This risk means that patients could be dosed with too much insulin causing low blood sugar, which could become a life threatening condition.
Protecting Yourself from Hacking Attacks
So far, the Food and Drug Administration (FDA) doesn’t know of any cases where a medical device’s cyber vulnerabilities have injured patients. However, the fact that it could be done in itself is deeply concerning. Tampering with these crucial medical devices that provide patients with lifesaving drugs can prove devastating.
As product defect attorneys who fight for the consumer rights, we believe that J & J should take every possible step to ensure that all affected consumers know and understand these cyber vulnerabilities and take the appropriate precautions including not using the remote control feature. Anyone who has been injured as a result of a hacking attack would be well advised to contact an experienced product defect lawyer to obtain more information about pursuing his or her legal rights.