Can Your Insulin Pump Be Hacked?

Apr 10, 2012 6:51pm

Technology security experts have sent out a warning about the potential vulnerability of sensitive equipment — not computers  but medical devices such as insulin pumps.

A researcher from McAfee, the global tech security company, was able to hack into an insulin pump and cause the device to dispense all 300 units of insulin it contained, according to BBC News.

The wireless signals used to communicate with the pump could compromise the security of the device, researcher Barnaby Jack said.

“We can influence any pump within a 300 foot range,” Jack told the BBC. “We can make that pump dispense its entire 300 unit reservoir of insulin and we can do that without requiring its ID number.”

A single dose of that much insulin can be fatal.

Jack wasn’t  the first person to hack into an insulin pump.  In 2011, a diabetic experimenting with his own equipment identified security vulnerabilities that could leave these machines open to someone remotely controlling their readings.  He presented his findings at a computer security conference later that year.

Other devices that use wireless signals to monitor patient’s medical conditions include pacemakers and defibrillators, which area also vulnerable to attack.

While the potential dangers are very real, other experts say the devices are very safe overall.

“There is no silver bullet, it’s not that these problems are easy to address,” he said. “But there is technology available to reduce these risks significantly,” Kevin Fu, associate professor of computer science at the University of Massachusetts at Amherst, told the BBC.

Dr. Tadayoshi Kohno wrote about the security of these devices in a 2010 edition of the New England Journal of Medicine.  At that time, he stressed to ABC News that the risk to patients is very low.

“I would have no qualms about getting one of the devices on the market now if I needed them,” Kohno said. “I think it’s preparing for the unexpected [that matters]. … The last thing we want is, in five or 10 years, to think, ‘Oops we should have thought about security.’”

Outside of experiments, there have been no known incidents of medical device hacking, and doctors say using this type of equipment can life-saving.

“Manufacturers have to make them to an extremely high level of liability.  They are critical to life,” said Dr. David Lubarsky, professor and chief of the University of Miami Health System.  “Diabetes is infinitely more dangerous than the possibility of a hacker deciding to target your insulin pump.”

 

 

You are using an outdated version of Internet Explorer. Please click here to upgrade your browser in order to comment.
blog comments powered by Disqus