MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

Home » UPDATE – Insulin pump hacker outs Medtronic, company responds

UPDATE – Insulin pump hacker outs Medtronic, company responds

By

Hackers

The security expert who hacked his own insulin pump revealed that the device came from Medtronic Inc. (NYSE:MDT), and accused the med-tech giant of ignoring his warnings.

Today the Natick, Mass.-based med-tech giant posted its official response to the hullabaloo, writing that it takes device information security very seriously but sees malicious medical device hacking as a very low threat.

"As technology evolves, we will continually incorporate measures to maintain information security while ensuring our devices meet their intended purpose of improving and extending lives," according to a statement on the company’s site.

Medtronic says it keeps a watchful eye on the security landscape and incorporates the latest research findings into its design process, which is why it attends conferences like the Black Hat meeting in Las Vegas this month where reports of hacking an insulin pump first emerged.

Jay Radcliffe, a diabetic and cyber threat intelligence analyst at IBM, presented results from experimenting on his own insulin pump at the Black Hat security conference, but he never revealed the brand of the pump in question or how he exploited its vulnerabilities.

"My initial reaction was that this was really cool from a technical perspective," Radcliffe told reporters. "The second reaction was one of maybe sheer terror, to know that there’s no security around the devices which are a very active part of keeping me alive."

"This is a pretty rare incident. We’ve never had a real report of a real hacking case affecting anybody," Medtronic’s newly minted CEO said during a shareholder conference last week. "We take our security seriously – but we also consider it a very unlikely event."

After feeling dismissed by Medtronic and taking exception to public comments from the company, Radcliffe took the issue to the the public in order to pressure the company into making some changes, the Associated Press reported. Radcliffe claims the Dept. of Homeland Security made an introduction between him and the company, but calls and emails still went unanswered.

"We’ve never been contacted by the Department of Homeland Security," Medtronic spokesperson Steve Cragle told MassDevice. He insisted that the company was taking Radcliffe’s findings into consideration in an internal investigation. "We’ve been very open to his concerns."

Cragle called Radcliffe’s claims that calls and emails were ignored "just false," and was unstirred by Radcliffe’s promise to expose the pump’s vulnerabilities.

"We have already been working over the past several years to incorporate powerful encryption and security measures into our next generation products, including insulin pumps," according to MDT’s statement. " In addition, we collaborate with outside security experts and across business units to design our products with information security in mind to create rigorous, complex safeguards."

Minneapolis, Minn.-based Medtronic seemed skeptical of the Radcliffe’s anecdotal evidence shortly after the presentation made headlines, saying that his direct access to the pump and remote device and that his conscious decision to turn on the wireless feature of the pump were beyond the type of access a malicious hacker could reasonably have.

Radcliffe responded that the wireless feature he exploited can’t be accessed or switched off.

"To our knowledge, there has never been a single reported incident outside of controlled laboratory experiments in more than 30 years of device telemetry use, which includes millions of devices worldwide," a director of PR from Medtronic’s insulin pump subsidiary MiniMed Inc. told TuDiabetes.org, an online social network for diabetics.

All instances of hacked medical devices so far have come from research teams who had access to the devices and specialized equipment, not likely for real-world hackers. Just in case, researchers at MIT are working on a defensive device to jam unwanted signals from malicious sources.

Radcliffe’s story recently got the attention of several members of Congress, who urged the Government Accountability Office to investigate the safety and security of wireless medical devices.

In case you missed it

RSS From Medical Design & Outsourcing

  • Supply Chain EVP Greg Smith sees fewer suppliers in Medtronic’s future
    All eyes are on Medtronic’s global operations and supply chain leader as he works to modernize its operations and scrutinize suppliers. EVP of Global Operations and Supply Chain Greg Smith anticipates fewer suppliers in Medtronic’s future, he said in an interview this week. Smith spoke with DeviceTalks Editorial Director Tom Salemi in his first published… […]
  • CeQur is launching a discreet, convenient ‘wearable insulin pen’
    CeQur designed its Simplicity device to make insulin delivery as seamless as possible for people with diabetes. When it comes to managing diabetes, CeQur wants to make insulin therapy as convenient as possible. For those who prefer to manage their own insulin delivery, the Simplicity device might just do exactly that. Simplicity, a wearable, disposable… […]
  • Meddux opens new facility in Colorado
    Engineering, design, development and manufacturing company Meddux announced that it opened a new facility in Boulder, Colorado. The new, 22,000-square-foot facility doubles the overall square footage from its previous location in Colorado. According to a news release, it helps the company to quadruple its product development area and double its manufacturing footprint. Meddux’s new facility… […]
  • Reducing the Overall Cost of Validation
    By PTI Engineered Plastics Reliable medical devices and equipment are essential for researchers and doctors to accurately diagnose and treat a wide range of diseases. That is why there is such stringent oversight from the FDA to ensure these products meet the necessary requirements and specifications. To ensure compliance with regulators, manufacturers follow installation qualification… […]
  • BBS Automation has a deal to buy medtech supplier Kahle Automation
    BBS Automation said it plans to purchase high-speed automation supplier Kahle Automation to expand its medtech and life sciences business. Kahle will operate as Kahle – a BBS Company, according to a news release from Munich, Germany-based BBS and Lombardy, Italy-based Kahle. The deal is subject to regulatory approval. Terms were not disclosed. Kahle’s co-owners —… […]
  • How safe is health information after the overturning of Roe?
    The U.S. Department of Health and Human Services today issued guidance meant to better protect women’s health information as state abortion bans kick in after the U.S. Supreme Court’s overturning of Roe v. Wade. Despite the HHS actions, women may still wonder whether their health information is entirely safe going forward — a potential challenge… […]
  • Dexcom focuses on early diabetes diagnosis as COVID links emerge
    New evidence is showing that COVID-19 may increase a person’s risk of diabetes, but it could be years until we know for sure. In the meantime, Dexcom (Nasdaq:DXCM) is getting ready, VP of Global Clinical Initiatives Tomas Walker said. Walker recently spoke with Medical Design & Outsourcing to discuss the San Diego-based diabetes device developer’s… […]
  • Blackrock Neurotech and Pitt work on first at-home BCI system for remote trials
    Blackrock Neurotech and the University of Pittsburgh’s Rehab Neural Engineering Labs (Pitt RNEL) are working together on the first portable brain-computer interface (BCI) to allow patients to participate in research trials from home. A Blackrock representative said it’s the final step as the company prepares to launch its first commercial product early next year. Salt… […]
  • How medical device companies are responding to abortion bans
    Days after the U.S. Supreme Court’s decision to overturn Roe v. Wade’s protection of abortion rights, medical device companies are among those reassuring workers about healthcare access. Corporate communications to employees and the public at large come as trigger laws in nearly half of the states outlaw abortion immediately. Some medtech companies are not using… […]
  • Philips updates on testing results for recalled ventilators
    Royal Philips (NYSE:PHG) says only a small portion of returned respiratory devices displayed the sound abatement foam degradation that sparked a massive recall. Repeated ozone cleaning may have made the problem worse. Those were some of the major takeaways from an update Philips provided today on a comprehensive test and research program it implemented after its… […]
  • ResMed names Lucile Blaise as new Sleep & Respiratory Care leader
    Lucile Blaise will be the new president of ResMed’s Sleep & Respiratory Care business starting July 1, ResMed (NYSE: RMD) said today. She replaces Jim Hollingshead, who became president and CEO of Insulet (Nasdaq:PODD) on June 1. ResMed President and COO Rob Douglas is serving as interim president of the Sleep & Respiratory Care during… […]

Leave a Reply