MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

You are here: Home / Drug Pumps / UPDATE – Insulin pump hacker outs Medtronic, company responds

UPDATE – Insulin pump hacker outs Medtronic, company responds

By Leave a Comment

Hackers

The security expert who hacked his own insulin pump revealed that the device came from Medtronic Inc. (NYSE:MDT), and accused the med-tech giant of ignoring his warnings.

Today the Natick, Mass.-based med-tech giant posted its official response to the hullabaloo, writing that it takes device information security very seriously but sees malicious medical device hacking as a very low threat.

"As technology evolves, we will continually incorporate measures to maintain information security while ensuring our devices meet their intended purpose of improving and extending lives," according to a statement on the company’s site.

Medtronic says it keeps a watchful eye on the security landscape and incorporates the latest research findings into its design process, which is why it attends conferences like the Black Hat meeting in Las Vegas this month where reports of hacking an insulin pump first emerged.

Jay Radcliffe, a diabetic and cyber threat intelligence analyst at IBM, presented results from experimenting on his own insulin pump at the Black Hat security conference, but he never revealed the brand of the pump in question or how he exploited its vulnerabilities.

"My initial reaction was that this was really cool from a technical perspective," Radcliffe told reporters. "The second reaction was one of maybe sheer terror, to know that there’s no security around the devices which are a very active part of keeping me alive."

"This is a pretty rare incident. We’ve never had a real report of a real hacking case affecting anybody," Medtronic’s newly minted CEO said during a shareholder conference last week. "We take our security seriously – but we also consider it a very unlikely event."

After feeling dismissed by Medtronic and taking exception to public comments from the company, Radcliffe took the issue to the the public in order to pressure the company into making some changes, the Associated Press reported. Radcliffe claims the Dept. of Homeland Security made an introduction between him and the company, but calls and emails still went unanswered.

"We’ve never been contacted by the Department of Homeland Security," Medtronic spokesperson Steve Cragle told MassDevice. He insisted that the company was taking Radcliffe’s findings into consideration in an internal investigation. "We’ve been very open to his concerns."

Cragle called Radcliffe’s claims that calls and emails were ignored "just false," and was unstirred by Radcliffe’s promise to expose the pump’s vulnerabilities.

"We have already been working over the past several years to incorporate powerful encryption and security measures into our next generation products, including insulin pumps," according to MDT’s statement. " In addition, we collaborate with outside security experts and across business units to design our products with information security in mind to create rigorous, complex safeguards."

Minneapolis, Minn.-based Medtronic seemed skeptical of the Radcliffe’s anecdotal evidence shortly after the presentation made headlines, saying that his direct access to the pump and remote device and that his conscious decision to turn on the wireless feature of the pump were beyond the type of access a malicious hacker could reasonably have.

Radcliffe responded that the wireless feature he exploited can’t be accessed or switched off.

"To our knowledge, there has never been a single reported incident outside of controlled laboratory experiments in more than 30 years of device telemetry use, which includes millions of devices worldwide," a director of PR from Medtronic’s insulin pump subsidiary MiniMed Inc. told TuDiabetes.org, an online social network for diabetics.

All instances of hacked medical devices so far have come from research teams who had access to the devices and specialized equipment, not likely for real-world hackers. Just in case, researchers at MIT are working on a defensive device to jam unwanted signals from malicious sources.

Radcliffe’s story recently got the attention of several members of Congress, who urged the Government Accountability Office to investigate the safety and security of wireless medical devices.

In case you missed it

RSS From Medical Design & Outsourcing

  • Mojo Vision developing ‘smart’ contact lens
    Mojo Vision is working with the FDA to develop a smart contact lens to help people with low vision. The lens overlays real-time contrast and lighting enhancements with zoom functionality and recently won FDA breakthrough device designation. “Receiving the Breakthrough Device Designation is a significant step in our research and development process. We look forward to… […]
  • FDA to EPA: Leave us out of your ethylene oxide rule
    This article has been updated with comments from the FDA. The FDA has asked the Environmental Protection Agency to leave the FDA out of its proposal for stricter regulation of ethylene oxide (EtO) emissions, and the EPA complied. In an interagency comment on the EPA’s proposed rule governing commercial EtO users — which includes medical… […]
  • Clippart debuts stepper-controlled flow valve
    Clippard recently launched a new stepper-controlled proportional valve for precision flow control. The Eclipse valve uses the industry’s most robust and powerful miniature linear actuator, according to Cincinnati-based Clippard. The patent-pending Eclipse is designed for liquid and gas delivery, medical, analytical and industrial automation requiring ultra-fine resolution and repeatability. The design also allows for custom… […]
  • Supporting regulatory affairs departments to address clinical requirements under new MDR
    By Dietmar Falke and Jaap Laufer, Emergo Group The May 25, 2020 MDR deadline is approaching rapidly, and by now many medical device manufacturers are aware that the MDR requires the proactive collection of post-marketing clinical follow-up (PMCF) data. Get the full story here at the Emergo Group’s blog. The opinions expressed in this blog… […]
  • 5 tips to raise funding for your medical device
    Securing funding can be a long and tedious process, and medical device businesses must work to position themselves as especially attractive to potential investors to maximize success and accelerate the fundraising process. Jon Speer, Greenlight Guru According to Alejandro Cremades, author of The Art of Startup Fundraising, it can take from six to nine months… […]
  • FDA recognizes latest ISO 14971 as medical device consensus standard
    By Mark Leimbeck and Stewart Eisenhart, Emergo Group The US Food and Drug Administration has granted Recognized Consensus Standard status to the third edition of the ISO 14071 risk management standard for medical devices and IVD products. Get the full story here at the Emergo Group’s blog. The opinions expressed in this blog post are… […]
  • Synaptive Medical updates Modus V surgical microscope
    Synaptive Medical announced that its U.S. and Canadian Modus V robotic digital microscope now includes updates such as additional 3D visualization and voice-activated control. The Modus V is a robotically controlled digital microscope used as part of Synaptive’s BrightMatter surgical suite designed for less invasive, patient-specific approaches in complex cranial procedures. The Modus V provides similar… […]
  • New machine can preserve donor livers for 1 week
    Researchers in Switzerland have built a perfusion machine that can preserve human livers for transplantation for a week or more, potentially slashing the number of donor livers that must be discarded due to time-related deterioration. Existing perfusion technology can preserve a donor liver for up to 24 hours. The team of surgeons, biologists and engineers… […]
  • Smiths Medical launches Portex tracheostomy tubes and kits
    Smiths Medical this week launched its Portex polyvinyl chloride tracheostomy tube and kit portfolio. The new polyvinyl chloride (PVC) tube portfolio has options for a variety of patients, according to the company. “Our goal was to create tracheostomy tubes and kits designed to help clinicians provide the best patient care. We’re excited to offer a variety… […]
  • FDA clears Cleveland Clinic 3D-printed airway stents
    The FDA recently cleared 3D-printed, patient-specific stents developed by a doctor at the Cleveland Clinic. Cleveland Clinic physician Tom Gildea developed the stents to keep open the airways of patients with serious breathing disorders caused by inflammation, trauma, tumors and other masses. Airway stents come in a limited number of sizes and shapes and are… […]
  • Boston Scientific shares drop on Q4 sales news
    Shares in Boston Scientific (NYSE:BSX) dropped 8% this morning on news of disappointing fourth-quarter sales. The company’s preliminary earnings report showed sales for the quarter ended Dec. 31, 2019 coming in at $2.9 billion, below the $2.91 billion that analysts were expecting. The unaudited sales figure represents organic growth of 7.3%, missing the company’s own guidance of… […]

Leave a Reply

MASSDEVICE MEDICAL NETWORK

DeviceTalks
Drug Delivery Business News
Medical Design & Outsourcing
Medical Tubing + Extrusion

MASSDEVICE

Subscribe to MassDevice
Advertise with us
About
Contact us
Add us on FacebookMassDevice Network
Follow us on Twitter@MassDevice
Connect with us on LinkedInLinkedIn
Follow us on YouTube YouTube