Want to know what's happening next in healthcare?

MedCityNews is the leading online news source for the business of innovation in healthcare.


“I like the diversity of topics that MedCity News covers – ranging from devices to policy to start-up companies. Always something interesting to find.”

Robert J. Szczerba, Ph.D., CEO, X Tech Ventures


Sign up for our daily newsletter


Hacker shows off vulnerabilities of wireless insulin pumps

3:16 pm by | 0 Comments

data breach, hack

Last year, Jerome Radcliffe caught Medtronic off guard when he  hacked into his own insulin pump. No one had attempted such a thing before, at least not successfully.

This year, it has happened again. Bloomberg News reports that another person has proved he can hack into an insulin pump and command it to deliver a lethal dose. To prove it, Barnaby Jack–a security researcher with McAfee–hacked into an insulin pump he had placed in a see-through mannequin. Wirelessly, his software stole the pump’s security credentials and had it empty all its contents into the fake pancreas inside the mannequin.

What is even more scary about Jack’s feat is that it goes beyond Radcliffe’s attempts to display how vulnerable these machines truly are. As Bloomberg notes:

Advertisement

He has discovered a way to scan a public space from up to 300 feet away, find vulnerable pumps made by Minneapolis-based Medtronic Inc., and force them to dispense fatal insulin doses. Jack doesn’t need to be close to the victim or do any kind of extra surveillance to acquire the serial number, as Radcliffe did.

Jack’s findings were presented at the RSA Security Conference Wednesday in San Francisco by McAfee’s chief technology officer Stuart McClure. Here are some of the tweets following the demo of the live hacking.

Medtronic spokesman Steve Cragle said that the company appreciates the security community bringing new information on the possibility of manipulating insulin pumps. He said the company is partnering with the security, healthcare and diabetes communities to protect patients from the risk of tampering.
He said that the company has taken these steps to improve security:

  • Conducted an internal vulnerability assessment;
  • Hired independent security experts Symantec, Argonne National Laboratory and WurldTech Security Technologies to help with product security improvements
  • Consulted with the Department of Homeland Security’s Cyber Emergency Response Team

[Top photo credit: Pong; bottom photo credit: Storify]

 

Copyright 2014 MedCity News. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

Arundhati Parmar

By Arundhati Parmar

Arundhati Parmar is the Medical Devices Reporter at MedCity News. She has covered medical technology since 2008 and specialized in business journalism since 2001. Parmar has three degrees from three continents - a Bachelor of Arts in English from Jadavpur University, Kolkata, India; a Masters in English Literature from the University of Sydney, Australia and a Masters in Journalism from Northwestern University in Chicago. She has sworn never to enter a classroom again.
More posts by Author

0 comments