October 28, 2011

Can your pump be hacked?


Whether it’s a World of Warcraft account, the FBI network or the Sesame Street YouTube channel broadcasting a XXX show- hacking is the technological equivalent of bullying.

Rather than going home with a blemish in your esteem you endure assault to your personal information, credit and even more damaging – your health. This is where we focus today. Let us begin with a story that broke this past summer.

 In August Jay Radcliffe, a diabetic who experimented on his own diabetes equipment, found a vulnerability in the insulin pump.  

Radcliffe noticed that insulin pumps could be controlled remotely by an unauthorized device. He also learned that continuous glucose monitoring systems could be disrupted and display inaccurate readings. Both of these vulnerabilities could be life-threatening and should be addressed.

 After 12 weeks -Medtronic Inc. has asked security experts to investigate the safety of its insulin pumps

In response to this turn of events Medtronic has been vigilant in investigating and rectifying any vulnerabilities shown to exist in their devices. Amanda Sheldon, Managing Editor of The Loop on the Medtronic website:

The steps being taken to ensure the security and safety of Medtronic devices includes:

  • Engaging leading security experts, including Symantec (the developer of Norton Anti-Virus and a security consultancy), to help us incorporate the latest encryption and security technologies into our products.

  • Undertaking an in-depth risk/benefit assessment process in accordance with regulatory standards to determine solutions to address this issue.

  • Developing an industry working group that brings together leading experts and companies from across the security and medical device ecosystem in order to systematically evaluate and recommend best practices for Medtronic and the industry going forward.

  • Communicating with you about these risks through our blog and other information channels so that you can make informed risk/benefit decisions with your healthcare team.

Furthermore, Sheldon writes, “We believe the risk of wireless tampering is low. The benefits of pump therapy are proven. Nonetheless, we think it is important that patients, in consultation with their healthcare providers, carefully weigh the benefits they obtain from insulin pump therapy with the potential risks.”

For those Medtronic pump users who wish to employ an added level of protection, the directions are:

  • Protect the serial number of your pump as you would your social security number, passwords and other standard personal information.

  • Follow normal security best practices including being aware of your surroundings, being aware of suspicious activity and not using public computers to upload your insulin pump.

  • Finally, we recommend you follow standard diabetes care guidelines by monitoring your blood glucose levels frequently. Good practice includes double checking your pump settings whenever you have unexplained rising or falling glucose numbers – and this is all the more important if you are concerned about device security.

The bottom-line is this is a glitch. The A-team is on it and is likely to be fixed before anybody could pull-off the a successful pump hack. This is not a double-dog date for losers. This is me saying hacking an insulin pump is not just a cyber crime it’s assault and potentially worse.