J&J warns diabetic patients: Insulin pump vulnerable to hacking

(Reuters) – Johnson & Johnson is telling patients that it has learned of a security vulnerability in one of its insulin pumps that a hacker could exploit to overdose diabetic patients with insulin, though it describes the risk as low.
The logo of healthcare company Johnson & Johnson is seen in front of an office building in Zug, Switzerland July 20, 2016. REUTERS/Arnd Wiegmann

J&J’s letter said that if patients were concerned, they could take several steps to thwart potential attacks. They include discontinuing use of a wireless remote control and programming the pump to limit the maximum insulin dose.

Radcliffe said he believed that OneTouch Ping users would be safe if they followed the steps outlined in the letters from J&J.

“They can give peace of mind to the patient or parent of a child using the device,” he said.


In August, a prominent short seller and a cyber security research firm went public with allegations of potentially life-threatening cyber vulnerabilities in heart devices from St. Jude Medical Inc.

As its shares tumbled, St. Jude said the allegations were false, and the U.S. Food and Drug Administration began an investigation.

J&J said before it sent out the letters, it reviewed the matter with the FDA, which is preparing to issue formal guidance on how medical device makers should handle reports about cyber vulnerabilities.

An early draft of that guidance, which was released in January for public comments, called for device makers to work with security researchers, identify steps to mitigate risks, and provide patients with information about bugs so they can “make informed decisions” about device use.

The FDA on Tuesday praised J&J and Rapid7 for their work in discovering, finding ways to mitigate and disclosing the vulnerability.

“This is the proactive behavior the FDA has been looking to see from the medical device manufacturer and research community and demonstrates the collaborative manner in which vulnerabilities can be addressed in a way that best protects patients,” the agency said in a statement.

Read the original article in https://www.reuters.com/article/us-johnson-johnson-cyber-insulin-pumps-e/jj-warns-diabetic-patients-insulin-pump-vulnerable-to-hacking-idUSKCN12411L

Close Menu