Insulin pumps targeted by hackers


Pharmaceutical company Johnson & Johnson have issued a warning that one of their insulin pumps for diabetics is at risk of being hacked, which could lead to overdosing.

Diabetic patients in the US and Canada have been warned about a potential malicious attack on Johnson & Johnson’s OneTouch Insulin Pump, which could be hacked into and made to overdose patients with insulin. The insulin pump uses an unencrypted radio frequency communication system, which hackers can access.

The OneTouch Insulin Pump was deemed safe to use, with the risk of it being hijacked considered low. Hackers would need technical expertise, close proximity and expensive equipment in order to access the radio frequency, as the insulin pump isn’t connected to the internet or any external network.

This could potentially be the start of medical manufacturing being hacked, leading to much bigger and more serious problems. Mark James, ESET IT Security Specialist, discusses why medical equipment isn’t currently developed with cyber security in mind, and what can be done to mitigate the issue.

“Quite often the problem with security in the medical or health industry is financially driven, as cost is a major factor, both in running and supplying the equipment used.

“In these instances, the biggest factor is often making the equipment attainable for the masses who need it.

“The security of these products has to be factored into the cost, and may even in some cases not be a factor at all. We’re working towards an IoT environment where everything has to be connected, but securing those devices in some cases is a secondary concern.

“When older equipment was originally designed, the idea of “hacking” those devices was probably not even a factor. As they develop it’s much harder to introduce techniques to make them secure, as this usually requires a redesign which again has a serious cost impact.

“Securing the information passed between devices may be as simple as using industry standard encryption, so if the data is compromised it’s near useless to the average opportunistic hacker and at least shows a basic level of client protection.

“Medical suppliers of equipment should understand the potential risks of being compromised: if successful the results could technically be catastrophic.

“If the wrong measurements of a given drug are dispensed, or the patient decides to not use their equipment because of concerns regarding its security, it could be life threatening.

“Cost will always be a factor but nowadays security is just as important; the public need to feel safe using, quite often, the very things that keep them alive.”

Does the potential for more and more interconnected medical or industrial equipment worry you? Let us know on Twitter @ESETUK
