SoylentNews is people
SoylentNews
Johnson & Johnson has issued a security warning about one of its products:
Johnson & Johnson on Tuesday issued a warning about a possible cybersecurity issue with its Animas OneTouch Ping Insulin Infusion Pump. The problem was first reported by Reuters.
Computer security firm Rapid 7 discovered that it might be possible to take control of the pump via its an unencrypted radio frequency communication system that allows it to send commands and information via a wireless remote control. The company alerted Johnson & Johnson, which issued the warning. Getting too high or too low a dose of insulin could severely sicken or even kill. There have been no instances of the pumps being hacked, Johnson & Johnson said.
This discussion has been archived.
No new comments can be posted.
Johnson & Johnson Issues Security Warning About Insulin Pump
|
Log In/Create an Account
| Top
| 28 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Everything bows to success, even grammar.
(Score: 3, Informative) by DannyB on Wednesday October 05 2016, @03:59PM
> WTF does an important health care device need a WIRELESS connection
I know the answer because my daughter uses a different brand than the J&J pump from TFA.
1. If you use a sensor. This is a separate device with its own attachment to the body. It samples blood glucose every few minutes. It sends its readings to the pump. Now if the pump were set up to automatically dose insulin when the glucose monitoring sensor detects significantly rising blood glucose, it might be possible to spoof the pump into dosing insulin not needed. This is a potential vulnerability. The sensor and pump, on the brand I'm talking about (Medtronic) have a six digit code you choose on both the pump and sensor.
2. The pump can send it's log data to a USB dongle, which allows you to get that log data into your computer without the fuss of wires. The vendor's web site can upload that log data, if you have jumped through all the right hoops, and make it available to your doctor via a web site that the doctor can visit.
3. A woman may have the insulin pump under a dress, for example. Let's say a restaurant. Before eating, the user would dose themself with more insulin. Rather than have to lift up the dress, or take a visit to the restroom in order to access the pump's user interface, the user can use a wireless key fob to communicate to the pump, and get feedback from a couple beeps the pump will make.
Obviously security needs to be well thought out. Probably better thought out than it currently is.
One problem is that even the slightest changes to the design require a very long FDA approval process for a new model. So insulin pumps tend to be behind cell phones on technology. I remember when her insulin pump first got a color screen, and I thought, "it's about time".
In order to actually be FDA approved the pump AAA battery must be Eveready Energizer. I'm sure any AAA would work in a pinch. But this is what to use. And it's not worth playing any games with substitutions.
Is there a chemotherapy treatment for excessively low blood alcohol level?
(Score: 2) by Runaway1956 on Wednesday October 05 2016, @05:45PM
"slightest changes to the design require a very long FDA approval process"
On the other hand, the pharmaceuticals can get approval for new uses for old drugs and other underhanded tricks, relatively quick. Crazy, ain't it?
Hail to the Nibbler in Chief.
(Score: 2) by PocketSizeSUn on Wednesday October 05 2016, @06:41PM
Actually that's a bit different.
Once a drug is approved (in the market) a doctor can prescribe the drug for "off label uses".
Getting the drug on the market is hard, using it for something else is easy.
Drug pumps have a similar set of restrictions. A pump is approved for a specific drug, or subset of drugs. What drug is ultimately used can differ depending entirely on the Rx from the doc. My understanding is that it is quite a common situation for implanted devices to be delivering a cocktail that is technically "off label" is not particularly surprising to the manufacturer. It's ultimately up to the doc to put the right mix in and set the proper limits to provide the Rx.