There haven’t been any reports of actual attempts to hack the Animas OneTouch Ping device, company executives told Reuters about what’s believed to be the 1st instance of a medical device company warned patients about the potential for a malicious hacking attack.
“The probability of unauthorized access to the OneTouch Ping system is extremely low,” the company said in letters mailed out yesterday to doctors and about 114,000 patients in the U.S. and Canada who use the device, according to the news service.
The incident is unfolding in stark contrast to allegations made in August by notorious short-selling firm Muddy Waters Consulting about major flaws in some of the cardiac rhythm management devices made by St. Jude Medical (NYSE:STJ). St. Jude later sued Muddy Waters and the hacking shop behind the report, after the sides traded accusations about its accuracy (which independent researchers found had “major flaws” – but not before STJ shares lost about 5% of their value, although the stock has since recovered somewhat).
New Brunswick, N.J.-based J&J told Reuters that it consulted with the FDA before sending the letter about its insulin pump. The company worked with well-known “white hat” hacking researcher Jay Radcliffe, a diabetic who reported vulnerabilities in the pump to the company in April, the executives said.
Radcliffe said he discovered that hackers could hijack the unencrypted communications between the Animas OneTouch Ping’s remote control and insulin pump, potentially forcing it to deliver unauthorized – and possibly lethal – insulin doses. Johnson & Johnson researchers confirmed the finding but noted that the hackers would have to be within 25 feet of the device. Dr. Brian Levy, chief medical officer for J&J’s diabetes unit, said such an attack would be difficult to enact because of the expertise and sophistication it requires.
“We believe the OneTouch Ping system is safe and reliable. We urge patients to stay on the product,” Levy told Reuters. Patients can stop using the wireless remote and program the insulin pump to limit the maximum dose, Johnson & Johnson said in the letter. Radcliffe said those measures would keep patients safe from the potential hack, Reuters reported.
“They can give peace of mind to the patient or parent of a child using the device,” he said, noting that the vulnerability does not affect J&J’s Animas Vibe line. The company’s chief information security officer, Marene Allison, told the news service that her team would make sure other J&J products don’t have similar bugs.
The post Johnson & Johnson warns on low cyber risk with Animas OneTouch Ping insulin pump appeared first on MassDevice.
from MassDevice http://ift.tt/2dpmsBb
Cap comentari:
Publica un comentari a l'entrada