UPDATE: Could a medical device be used to cyberassassinate?

Masked hacker

At least one Medtronic Inc. (NYSE:MDT) insulin pump has software vulnerabilities that could make it a target for malicious hacks and other models may also be at risk, according to software security giant McAfee.

The McAfee team developed code that allowed it to take over the insulin pump, altering its programming and even administering potentially lethal doses from as much as 300 feet away.

While malicious hacks on medical devices have never occurred outside of research settings, the tactic could be used as a new type of cyber weapon, McAfee researchers found.

Medtronic hired Symantec and other tech security firms to investigate its insulin pumps after security experts began questioning vulnerabilities exposed during a security conference in Las Vegas this summer, Reuters reported.

Medtronic spokesperson Steve Cragle told MassDevice that the company is rolling out a concerted push to confront and solve the issue.

"We’re in the process of spotlighting this update on our Medtronicdiabetes.com website, as well as on our diabetes-specific site and have been in communication with the diabetes community through social media channels since this issue was first raised," Cragle told us in an email. "We have also been directly briefing key diabetes advocacy organizations and influencers."

The world’s largest pure-play device maker told us that it’s taken a number of steps to combat the potential for hackers to hijack wireless devices.

"Medtronic takes patient safety and device security very seriously and we appreciate the security community bringing new information on the possibility of a cyber-attack on our insulin pumps," according to an emailed statement. "We have been increasing our focus on the prevention of tampering with our products and look forward to partnering with the security, healthcare and diabetes communities to develop ways to better protect patients from the risk of tampering, which is necessary to keep pace with a new and rapidly evolving technology landscape."
The steps Medtronic has taken on the issue include an in-depth risk/benefit analysis "to clearly assess the potential risk," assessing encryption and security technologies with an eye toward integrating them into its pipeline and "committing to establish an industry working group that engages relevant stakeholders from the diabetes, healthcare and security community to develop new approaches and best practices to device security," according to the email.

"Because insulin pumps are widely used by patients with diabetes for tight blood sugar control and lifestyle flexibility, we are also working to assure both patients and doctors that at this time we believe that the risk is low and the benefits of the therapy outweigh the risk of an individual criminal attack," the company said.  

The issue made headlines over the summer after a diabetic IBM security analyst, Jay Radcliffe, demonstrated a hack on his own insulin pump during a presentation at the 2011 Black Hat computer security conference in August.

"My initial reaction was that this was really cool from a technical perspective," Radcliffe told reporters. "The second reaction was one of maybe sheer terror, to know that there’s no security around the devices which are a very active part of keeping me alive."

RSS From Medical Design & Outsourcing

  • Teknor Apex to showcase wide range of PVC compounds for medical devices at Medtec China
    Building on its international leadership role as a supplier of medical-grade PVC compounds, Teknor Apex Company has developed flexible and rigid formulations that address the special needs of device manufacturers. The company will highlight these capabilities at Medtec China 2015. “Teknor Apex produces or markets medical-grade PVC compounds in China, Singapore, Europe, and the United […]
  • The Raspberry Pi eco-system goes interstellar with the new Raspberry Pi Sense HAT
    Newark element14 has globally launched the latest addition to the expanding ecosystem of Raspberry Pi accessories, the Raspberry Pi Sense HAT, as featured in the ‘Astro Pi’ space mission. The Sense HAT will enable enthusiasts to control the same hardware used in space. The Sense HAT attaches to the Raspberry Pi board, and can be […]
  • CommScope completes acquisition of TE Connectivity’s Telecom
    CommScope Holding Company, has completed its previously announced acquisition of TE Connectivity’s Telecom, Enterprise and Wireless businesses, a leader in fiber optic connectivity for wireline and wireless networks. The all-cash transaction, valued at approximately $3 billion, strengthens CommScope’s position as a leading communications infrastructure provider with deeper resources to meet the world’s growing demand for network […]
  • SPI awards IKO Prosthetic Creative System the Student Design International Design Excellence Award
    SPI: The Plastics Industry Trade Association congratulated IKO Prosthetic Creative System for winning the SPI Student Design Award, part of the Industrial Designers Society of America’s (IDSA’s) International Design Excellence Awards (IDEA) program. The award was presented to IKO, an innovative, youth-focused prosthetic design company led by Chicago-based designer Carlos Torres, by SPI’s Senior Director of […]
  • New assay could revolutionize diagnosis and treatment of life-threatening disease
    Invasive Fungal Disease (IFD) is an emerging global health problem associated with high mortality rates in severely immunocompromised patients, such as those undergoing intensive chemotherapy or stem cell transplantation, and in patients suffering immune compromising conditions such as AIDS. The most common causative agents of this disease have been identified as Candida and Aspergillus species, […]
  • Molex delivers ISO 13485-compliant, medical-grade surgical cables from its class 100,000 clean room facility
    Molex, LLC operates a fully ISO 146441-1:1999 Class 8-certified clean room, satisfying strict particulate contamination levels specified by ISO-compliant requirements. Located in Thailand, the facility has less than 100,000 particulates (≥0.5µm) per cubic foot of air and manufactures a variety of ISO 13485-compliant medical cables and surgical cables used in operating theatres, hospitals, laboratories and […]
  • Swept-Source OCT: Patent license agreement between Massachusetts General Hospital and Heidelberg Engineering
    Heidelberg Engineering has entered into a patent license agreement with Massachusetts General Hospital (MGH) in Boston. The agreement grants global and exclusive rights to 77 basic patents and patent applications which relate to swept-source OCT technology and its application in ophthalmology. Spectral domain OCT has become indispensable to eye care professionals worldwide to diagnose and […]
  • MIT’s MultiFab presents a stark challenge to incumbent 3D Printer manufacturers’ hardware, software, and business Models
    MIT’s Computational Fabrication Group recently announced the MultiFab, a low-cost 3D printer that can combine up to 10 different resins in one part and also includes a 3D scanning system to identify and fix errors during production. According to Lux Research, these capabilities are rare in commercial 3D printers today due to the manufacturers’ need […]
  • AVX releases Accu-P MP medical grade film chip capacitors for medical devices
    AVX Corporation, a leading manufacturer of passive components and interconnect solutions, has released a new series of thin film chip capacitors specifically designed to meet the demanding performance specifications for implantable medical devices. Delivering extremely tight capacitive tolerances, exceptionally repeatable performance, and remarkably low ESR and high Q at high frequencies—including VHF, UHF, and RF […]
  • RIVANNA commences manufacturing of its Accuro device
    Rivanna Medical announced that it has begun manufacturing its FDA-cleared Accuro device, a handheld and untethered smart-phone-sized device that is designed to guide spinal anesthesia with automated 3D navigation technology in addition to ultrasound imaging of abdominal, musculoskeletal, cardiac and peripheral vascular anatomies. The product will be launched at the ASA annual meeting in San […]
  • FDA seeks public input on Quality Metrics guidance
    by Oliver Wolf, Senior Product Manager, MasterControl In line with the general shift towards risk-driven approaches in the quality management world, FDA is now taking steps towards applying those same principles to its own auditing schedule. At the end of July, the Center for Drug Evaluation and Research (CDER) and the Center for Biologics Evaluation […]

Leave a Reply