MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

Home » UPDATE – Insulin pump hacker outs Medtronic, company responds

UPDATE – Insulin pump hacker outs Medtronic, company responds

By

Hackers

The security expert who hacked his own insulin pump revealed that the device came from Medtronic Inc. (NYSE:MDT), and accused the med-tech giant of ignoring his warnings.

Today the Natick, Mass.-based med-tech giant posted its official response to the hullabaloo, writing that it takes device information security very seriously but sees malicious medical device hacking as a very low threat.

"As technology evolves, we will continually incorporate measures to maintain information security while ensuring our devices meet their intended purpose of improving and extending lives," according to a statement on the company’s site.

Medtronic says it keeps a watchful eye on the security landscape and incorporates the latest research findings into its design process, which is why it attends conferences like the Black Hat meeting in Las Vegas this month where reports of hacking an insulin pump first emerged.

Jay Radcliffe, a diabetic and cyber threat intelligence analyst at IBM, presented results from experimenting on his own insulin pump at the Black Hat security conference, but he never revealed the brand of the pump in question or how he exploited its vulnerabilities.

"My initial reaction was that this was really cool from a technical perspective," Radcliffe told reporters. "The second reaction was one of maybe sheer terror, to know that there’s no security around the devices which are a very active part of keeping me alive."

"This is a pretty rare incident. We’ve never had a real report of a real hacking case affecting anybody," Medtronic’s newly minted CEO said during a shareholder conference last week. "We take our security seriously – but we also consider it a very unlikely event."

After feeling dismissed by Medtronic and taking exception to public comments from the company, Radcliffe took the issue to the the public in order to pressure the company into making some changes, the Associated Press reported. Radcliffe claims the Dept. of Homeland Security made an introduction between him and the company, but calls and emails still went unanswered.

"We’ve never been contacted by the Department of Homeland Security," Medtronic spokesperson Steve Cragle told MassDevice. He insisted that the company was taking Radcliffe’s findings into consideration in an internal investigation. "We’ve been very open to his concerns."

Cragle called Radcliffe’s claims that calls and emails were ignored "just false," and was unstirred by Radcliffe’s promise to expose the pump’s vulnerabilities.

"We have already been working over the past several years to incorporate powerful encryption and security measures into our next generation products, including insulin pumps," according to MDT’s statement. " In addition, we collaborate with outside security experts and across business units to design our products with information security in mind to create rigorous, complex safeguards."

Minneapolis, Minn.-based Medtronic seemed skeptical of the Radcliffe’s anecdotal evidence shortly after the presentation made headlines, saying that his direct access to the pump and remote device and that his conscious decision to turn on the wireless feature of the pump were beyond the type of access a malicious hacker could reasonably have.

Radcliffe responded that the wireless feature he exploited can’t be accessed or switched off.

"To our knowledge, there has never been a single reported incident outside of controlled laboratory experiments in more than 30 years of device telemetry use, which includes millions of devices worldwide," a director of PR from Medtronic’s insulin pump subsidiary MiniMed Inc. told TuDiabetes.org, an online social network for diabetics.

All instances of hacked medical devices so far have come from research teams who had access to the devices and specialized equipment, not likely for real-world hackers. Just in case, researchers at MIT are working on a defensive device to jam unwanted signals from malicious sources.

Radcliffe’s story recently got the attention of several members of Congress, who urged the Government Accountability Office to investigate the safety and security of wireless medical devices.

In case you missed it

RSS From Medical Design & Outsourcing

  • Keep the end in mind when choosing a medtech partner
    There are five general categories of medtech vendor partners. If the end is apparent in the beginning, the correct type of partner will be more apparent. Jim Reed, Minnetronix Medical Stephen Covey gave the business world this mantra in one of his bestsellers: “Start with the end in mind.” Whether they didn’t read the book… […]
  • Orthofix launches Fiberfuse Strip bone graft
    Orthofix (NSDQ:OFIX) today announced that it has launched its FiberFuse Strip bone graft in the U.S. Lewisville, Texas–based Orthofix designed the FiberFuse Strip to be a preformed bone-graft strip for posterior cervical, posterior lumbar and degenerative spinal procedures. FiberFuse Strip is 100% bone and has a unique mixture of mineralized cancellous and demineralized cortical bone with… […]
  • Thermo Fisher Scientific beats The Street in Q2 results
    Thermo Fisher Scientific (NYSE:TMO) today posted second-quarter results that beat the overall consensus on Wall Street. The Waltham, Mass.–based company reported profits of $1.8 billion, or $4.61 per share, on sales of $9.3 billion for the three months ended July 1, 2021, for a bottom-line gain of 58.1% on sales growth of 34.1% compared with… […]
  • Choosing the Right Rubber Material and Process for Your Medical Parts
    When it’s time to design and develop a new medical device that calls for an elastomer component, there are a number of material options and manufacturing processes to consider. The long list of material properties impacting performance includes your prospective polymer’s end-use environment, chemical compatibility, hardness, compression set, tensile properties and manufacturability — to name… […]
  • 3M’s healthcare segment registers growth in Street-beating Q2
    3M (NYSE:MMM) reported second-quarter results that beat the consensus forecast — with the company’s healthcare segment showing especially robust growth. The St. Paul, Minn.–based company posted profits of $1.5 billion, or $2.59 per share, on sales of $9 billion for the three months ended June 30, 2021, for a 16.7% bottom-line gain on sales growth of… […]
  • Evren Technologies earbud PTSD treatment device nabs FDA breakthrough device designation
    Evren Technologies this week announced that it received FDA breakthrough device designation for its Phoenix earbud device that treats PTSD. Gainesville, Fla.-based Evren Technologies designed the Phoenix device as a discreet earbud design that delivers transcutaneous auricular vagal nerve stimulation in a closed-loop system. It can be paired with the company’s PTSD symptom tracking app… […]
  • BD acquires resorbable polymer maker Tepha
    BD (NYSE:BDX) today announced that it has acquired resorbable polymer technology maker Tepha for an undisclosed amount. Franklin Lakes, N.J.–based BD said that it will use Lexington, Mass.–based Tepha’s resorbable polymer technology to accelerate growth of the company’s surgical mesh for soft tissue repair, reconstruction and regeneration. Tepha’s GalaFlex portfolio is also included in the acquisition.… […]
  • LifeSignals remote patient monitor wins FDA clearance
    LifeSignals today announced that it has received FDA 510(k) clearance for its LX1550 multi-parameter remote monitoring platform. Fremont, Calif.–based LifeSignals designed the LX1550 to continuously collect patient physiological data from home and in healthcare settings. The platform has a single-use wearable multi-parameter biosensor that records electrocardiography (ECG), heart rate, respiration rate, skin temperature and body… […]
  • Blackrock Neurotech and ClearPoint Neuro want to automate brain implant surgeries
    ClearPoint Neuro (NSDQ:CLPT) announced an agreement with Blackrock Neurotech to develop automated technologies for brain implant surgeries. The partnership will seek to develop an automated surgical solution for implanting brain-computer interfaces (BCIs) into patients with neurological disorders — including from paralysis, ALS, blindness and hearing loss. Solana Beach, Calif.–based ClearPoint Neuro said in a news… […]
  • New Mountain Capital to acquire Flexan
    New Mountain Capital’s ILC Dover today announced that it has reached a definitive agreement to acquire Flexan for an undisclosed amount. Lincolnshire, Ill.–based Flexan is a contract design and manufacturing company specializing in high-precision silicone, rubber and thermoplastic components for the medical device industry. The acquisition will allow both companies to serve a broader client… […]
  • How COVID-19 changed medical device clinical trials forever
    The success of remote clinical trial oversight opens the door to hybrid approaches and creates new possibilities for the future of trials. DeviceTalks Because of the pandemic, virtually overnight, all players involved in medical device clinical trials had to pivot to virtual monitoring to keep trials going. What impact did remote trial oversight have on… […]

Leave a Reply