Health IT Pulse

Aug 19 2011   10:52AM GMT

Insulin pump hack reveals lack of medical device security

AnneSteciw Profile: AnneSteciw

Tags:
medical device security
medical devices
wireless medical devices

A security researcher who presented at this year’s Black Hat security conference caused quite a stir when he showed audience members that he was able to hack into his own insulin pump. Jay Radcliffe is a cyber threat intelligence analyst at IBM who wanted to test the security of the two medical devices — an insulin pump and a continuous glucose monitor — he wears every day to control his diabetes.

Radcliffe found both devices had significant gaps in security: He was able to reprogram his insulin pump to respond to a stranger’s remote control device and could tamper with the readings of his glucose monitor by intercepting wireless signals. For diabetics who rely on these devices to stay healthy, this security flaw represents a risk that they could be harmed and possibly even killed, he believes.

“If somebody gets hurt through a medical device being tampered with, and potentially dying, it raises the stakes of this. If one person were to be harmed, it would be a very big deal. It would be front page news everywhere,” said Radcliffe in a television interview at the security conference.

Insulin pumps aren’t the only medical devices susceptible to hacking. Researchers in 2008 found that that some pacemakers could be hacked into and reprogrammed as well.

But aside from security experts and researchers, who is really hacking into insulin pumps? A few critics argue that the media is over hyping the story with headlines such as “Black hat hacker can remotely attack insulin pumps and kill people” and “Excuse me while I turn off your insulin pump.”  Some are worried this could create an environment of paranoia that will slow down the FDA approval process for new devices.

It doesn’t matter if the risk is small — Radcliffe believes the security holes must be plugged. In a blog conversation with a fellow diabetic, he argues that being in a rush for FDA approval is no excuse for sloppy medical device security. “Aren’t you concerned about the fact that the FDA doesn’t have any guidelines around wireless transmissions?” he asks.

Radcliffe told the Associated Press that after his presentation he planned to notify his device manufacturers of the weaknesses he discovered. A week later he tweeted “Wow. My Pump maker really doesn’t care abt security. Totally blew off my research findings and lied about it in a Press Release.”

Two members of congress do care about his findings, however. Reps. Anna G. Eshoo (D-CA) and Edward J. Markey (D-MA) specifically cited Radcliffe’s research in their request for a review of the Federal Communications Commission’s (FCC) actions in regard to wireless medical devices. The representatives want to ensure that the FCC is “identifying the challenges and risks posted by new medical devices and implants that make use of wireless technology to ensure that such wireless-enabled devices are safe, reliable, and secure, and do not cause harmful interference.”

It’s probably not a bad idea to regulate these wireless medical devices. While the insulin pump hack should not be cause for widespread alarm, it should be cause for action.

9  Comments on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • SearchHealthIT
    What an #insulin pump hack reveals about #medicaldevice security (or lack thereof) http://t.co/z9IsabE #mhealth #HealthIT #FDA
    0 pointsBadges:
    report
  • Beastwood
    Two [A href="http://www.theregister.co.uk/2011/08/19/insulin_pump_hack/"]U.S. representatives[/A] are now calling for a federal probe of wireless medical devices. This is getting serious.
    2,000 pointsBadges:
    report
  • EHealth Insider
    What an #insulin pump hack reveals about #medicaldevice security (or lack thereof) http://t.co/z9IsabE #mhealth #HealthIT #FDA
    0 pointsBadges:
    report
  • Ryan Witt
    A patient security breach is a breach all the same. Hackers look for a gap. #mhealth #healthit http://t.co/Qk4pIma
    0 pointsBadges:
    report
  • A Slice of Limey
    A patient security breach is a breach all the same. Hackers look for a gap. #mhealth #healthit http://t.co/Qk4pIma
    0 pointsBadges:
    report
  • BetterBio
    What an #insulin pump hack reveals about #medicaldevice security (or lack thereof) http://t.co/z9IsabE #mhealth #HealthIT #FDA
    0 pointsBadges:
    report
  • Absolute Software
    RT @WittRZ: A patient security breach is a breach all the same. Hackers look for a gap. #mhealth #healthit http://t.co/x2veGht
    0 pointsBadges:
    report
  • MagicPuffin
    What an #insulin pump hack reveals about #medicaldevice security (or lack thereof) http://t.co/z9IsabE #mhealth #HealthIT #FDA
    0 pointsBadges:
    report
  • laughingmind
    What an #insulin pump hack reveals about #medicaldevice security (or lack thereof) http://t.co/z9IsabE #mhealth #HealthIT #FDA
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: