Hacking Healthcare: Are insulin pumps more susceptible to attack?

August 9, 2012 by Arezu Sarvestani

Some insulin pumps contain a dangerous combination of software security weaknesses and "convenient" features that could prevent patients from knowing that their device has been compromised, a new report says.

Insulin pumps are designed to be convenient and easy to use, but those features may make them more vulnerable to a hacker, a new report says.

That's because some of these life-saving medical devices may contain a dangerous combination: wireless access, security vulnerabilities and features that may prevent a patient from knowing when a device has been compromised, researchers warned at a health security and privacy forum this week. Malicious hackers, known as "crackers," could exploit those vulnerabilities and cause serious harm to or even kill unsuspecting patients.

Medical device companies downplay the risks, pointing out that there are no cases on record of malicious hacks on medical devices, let alone evidence that any patient has been harmed via cyber-attack.

However, there are enough examples of benign hacks into medical devices, either by researchers or by patients themselves, to raise concerns in security circles about the devices' wireless security.

Using an OmniPod automated insulin pump made by Insulet (NSDQ:PODD) as an example, a team of computer security experts highlighted the software vulnerabilities of medical devices, warning that "without requiring technical sophistication, an unauthorized party can significantly harm patients." The case was presented at the HealthSec 2012 USENIX Workshop on Health Security & Privacy in Bellevue, Wa., this week.

"The article is not a report on a scientific study," Insulet responded in an email statement sent to MassDevice.com today. "The authors are simply speculating on security risks. The authors do not report on any actual testing or violation of security systems in our patch pump or on any real-world incidence of a [personal diabetes manager's] setting being compromised."