Johnson & Johnson is warning patients about a security loophole that can leave them vulnerable to overdosing on insulin. While the company says the risk is low, and there have been no attempted hacks, the J&J Animas OneTouch Ping insulin pump is susceptible to a security breach in the wrong hands.
"The probability of unauthorized access to the OneTouch Ping system is extremely low," wrote the company in a letter, obtained by Reuters, sent to doctors and about 114,000 patients who use the device in the U.S. and Canada on Monday. "It would require technical expertise, sophisticated equipment and proximity to the pump, as the OneTouch Ping system is not connected to the internet or to any external network."
An insulin pump helps diabetic patients manage their blood glucose (sugar) levels by delivering insulin—a hormone secreted from the pancreas that prevents blood sugar levels from getting too high or low—throughout the day through a catheter under the skin. The J&J Animas OneTouch Ping insulin pump, which launched on the market in 2008, features a Meter Remote (read: a wireless remote control) that wirelessly communicates from up to 10 feet away to deliver customized levels of insulin from the pump.
Jay Radcliffe, a researcher at cyber security firm Rapid7 Inc and a diabetic, told Reuters that he found a loophole: hackers can spoof communication between the remote and the insulin pump allowing unauthorized insulin injections from up to 25 feet away that can lead to an overdose. Too much insulin can cause individuals living with diabetes to have a potentially life threatening hyperglycemic reaction.
A hacker would be able to accomplish this because the communication between remote to pump is not encrypted.
“The OneTouch Ping insulin pump system uses cleartext communications rather than encrypted communications, in its proprietary wireless management protocol,” wrote Rapid7 in a blog post. “Due to this lack of encryption, Rapid7 researcher Jay Radcliffe discovered that a remote attacker can spoof the Meter Remote and trigger unauthorized insulin injections.”
Radcliffe reported the potential threat to J&J in April and according to executives at the company, they are working on the security issues. And while J&J is owning the vulnerability, Brian Levy, chief medical officer with J&J’s diabetes unit suggests patients remain on the product.
"We believe the OneTouch Ping system is safe and reliable. We urge patients to stay on the product," Levy said.