Following prompting from security and IT firm Rapid7, Johnson & Johnson, through its subsidiary Animas, has reached out to users of the Animas OneTouch Ping Insulin Infusion Pump to inform them about security vulnerabilities and how to mitigate them. According to Rapid7, because the communication with the insulin pump is not encrypted, an attacker could theoretically trigger unauthorized insulin injections, potentially causing hypoglycemia, from up to two kilometers away.
"We have been notified of a cybersecurity issue with the OneTouch Ping, specifically that a person could potentially gain unauthorized access to the pump through its unencrypted radio frequency communication system. We want you to know that Animas has investigated this issue and has worked with the appropriate regulatory authorities and security experts, as we are always evaluating ways to further ensure patient safety and security," Animas wrote in a letter to users today. "We also want to assure you that the probability of unauthorized access to the One Touch Ping system is extremely low. It would require technical expertise, sophisticated equipment and proximity to the pump, as the OneTouch Ping system is not connected to the internet or to any external network. In addition, the system has multiple safeguards to protect its integrity and prevent unauthorized action."
Rapid7 researcher Jay Radcliffe, who discovered the vulnerabilities, has Type 1 diabetes and used the Animas pump himself for several years. He believes the risk for the average user is low, but there are easy fixes Animas can implement to reduce it even further: namely, encrypting the communications between the pump and the remote.
"[T]his research is done to make sure the future of our devices are safe," he wrote in a blog post. "As these devices get more advanced, and eventually connect to the internet (directly or indirectly), the level of risk goes up dramatically. This research highlights why it is so important to wait for vendors, regulators and researchers to fully work on these highly complex devices. This is not something to be rushed into as there is a patient’s life on the line. We all want the best technology right away, but done in a reckless, haphazard way puts the whole process back for everyone."
In its letter, Animas suggests that patients activate a feature that will notify them of an incoming insulin dose via a vibration on the pump, which would give them the opportunity to cancel a malicious dose, or set an automatic limit on the amount of insulin dispensed. Alternatively, concerned users can deactivate the radio frequency feature entirely, since the pump can also be operated via controls on the device.
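The fix Radcliffe calls for (protected remote-to-pump communication) and the dose limit Animas recommends can be illustrated together. The following is an added example, not Animas's protocol or Rapid7's code: a hypothetical dose-command frame carrying an HMAC tag and a monotonic counter, with the pump side rejecting frames that are unauthenticated, replayed, or over a configured maximum. The frame layout, pairing key and dose values are all constructed for this example.

```python
import hmac
import hashlib
import struct

CMD_BOLUS = 0x01          # hypothetical command code for a bolus dose
TAG_LEN = 16              # truncated HMAC-SHA256 tag
BODY_FMT = ">BIH"         # cmd (1 byte), counter (4 bytes), units x100 (2 bytes)
BODY_LEN = struct.calcsize(BODY_FMT)


def build_frame(key: bytes, counter: int, units_x100: int) -> bytes:
    """Remote side: pack a dose command and append an authentication tag."""
    body = struct.pack(BODY_FMT, CMD_BOLUS, counter, units_x100)
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class PumpReceiver:
    """Pump side: accept a dose only if it is authentic, fresh and within limits."""

    def __init__(self, key: bytes, max_bolus_x100: int):
        self.key = key
        self.max_bolus_x100 = max_bolus_x100   # the "automatic limit" Animas describes
        self.last_counter = 0                  # highest counter seen so far
        self.delivered = []                    # doses actually dispensed (x100 units)

    def accept(self, frame: bytes) -> str:
        if len(frame) != BODY_LEN + TAG_LEN:
            return "reject: length"
        body, tag = frame[:BODY_LEN], frame[BODY_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return "reject: bad tag"            # forged or tampered frame
        cmd, counter, units = struct.unpack(BODY_FMT, body)
        if cmd != CMD_BOLUS:
            return "reject: unknown command"
        if counter <= self.last_counter:
            return "reject: replay"             # a captured frame resent later
        if units > self.max_bolus_x100:
            return "reject: over limit"         # exceeds the configured maximum dose
        self.last_counter = counter
        self.delivered.append(units)
        return "accepted"


def demo() -> list:
    key = bytes(range(32))                      # constructed pairing key
    pump = PumpReceiver(key, max_bolus_x100=1000)   # cap at 10.00 units
    good = build_frame(key, counter=1, units_x100=250)
    results = [pump.accept(good), pump.accept(good)]          # second copy is a replay
    results.append(pump.accept(build_frame(b"\x00" * 32, 2, 250)))  # wrong key
    results.append(pump.accept(build_frame(key, 3, 5000)))          # 50 units, over limit
    return results
```

Only the first frame is dispensed; the replayed, unauthenticated and over-limit frames are all refused before any insulin is delivered.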
This news comes on the heels of high-profile accusations against St. Jude Medical that its pacemakers and defibrillators had problems of their own.
Radcliffe himself isn't new to this field -- he made headlines in 2011 when he discovered a security vulnerability in Medtronic's insulin pump. Medtronic was considerably less receptive at the time than J&J has been in this instance.