MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

Home » UPDATE – Insulin pump hacker outs Medtronic, company responds

UPDATE – Insulin pump hacker outs Medtronic, company responds

By

Hackers

The security expert who hacked his own insulin pump revealed that the device came from Medtronic Inc. (NYSE:MDT), and accused the med-tech giant of ignoring his warnings.

Today the Natick, Mass.-based med-tech giant posted its official response to the hullabaloo, writing that it takes device information security very seriously but sees malicious medical device hacking as a very low threat.

"As technology evolves, we will continually incorporate measures to maintain information security while ensuring our devices meet their intended purpose of improving and extending lives," according to a statement on the company’s site.

Medtronic says it keeps a watchful eye on the security landscape and incorporates the latest research findings into its design process, which is why it attends conferences like the Black Hat meeting in Las Vegas this month where reports of hacking an insulin pump first emerged.

Jay Radcliffe, a diabetic and cyber threat intelligence analyst at IBM, presented results from experimenting on his own insulin pump at the Black Hat security conference, but he never revealed the brand of the pump in question or how he exploited its vulnerabilities.

"My initial reaction was that this was really cool from a technical perspective," Radcliffe told reporters. "The second reaction was one of maybe sheer terror, to know that there’s no security around the devices which are a very active part of keeping me alive."

"This is a pretty rare incident. We’ve never had a real report of a real hacking case affecting anybody," Medtronic’s newly minted CEO said during a shareholder conference last week. "We take our security seriously – but we also consider it a very unlikely event."

After feeling dismissed by Medtronic and taking exception to public comments from the company, Radcliffe took the issue to the the public in order to pressure the company into making some changes, the Associated Press reported. Radcliffe claims the Dept. of Homeland Security made an introduction between him and the company, but calls and emails still went unanswered.

"We’ve never been contacted by the Department of Homeland Security," Medtronic spokesperson Steve Cragle told MassDevice. He insisted that the company was taking Radcliffe’s findings into consideration in an internal investigation. "We’ve been very open to his concerns."

Cragle called Radcliffe’s claims that calls and emails were ignored "just false," and was unstirred by Radcliffe’s promise to expose the pump’s vulnerabilities.

"We have already been working over the past several years to incorporate powerful encryption and security measures into our next generation products, including insulin pumps," according to MDT’s statement. " In addition, we collaborate with outside security experts and across business units to design our products with information security in mind to create rigorous, complex safeguards."

Minneapolis, Minn.-based Medtronic seemed skeptical of the Radcliffe’s anecdotal evidence shortly after the presentation made headlines, saying that his direct access to the pump and remote device and that his conscious decision to turn on the wireless feature of the pump were beyond the type of access a malicious hacker could reasonably have.

Radcliffe responded that the wireless feature he exploited can’t be accessed or switched off.

"To our knowledge, there has never been a single reported incident outside of controlled laboratory experiments in more than 30 years of device telemetry use, which includes millions of devices worldwide," a director of PR from Medtronic’s insulin pump subsidiary MiniMed Inc. told TuDiabetes.org, an online social network for diabetics.

All instances of hacked medical devices so far have come from research teams who had access to the devices and specialized equipment, not likely for real-world hackers. Just in case, researchers at MIT are working on a defensive device to jam unwanted signals from malicious sources.

Radcliffe’s story recently got the attention of several members of Congress, who urged the Government Accountability Office to investigate the safety and security of wireless medical devices.

In case you missed it

RSS From Medical Design & Outsourcing

  • Researchers tout biomaterials that can be ‘fine-tuned’ for medtech
    Researchers in the UK and U.S. are touting a new thermoplastic biomaterial capable of “fine-tuning” for use in soft tissue repair or bioelectronics. According to a news release, the material, which is a type of polyester, has been developed by a team at the University of Birmingham (UK) and Duke University (U.S.) for use in… […]
  • HHS could make permanent pandemic-related exemptions for some devices
    HHS has used the Trump administration’s waning days to propose permanently exempting certain medical devices — including infusion pump controllers and fetal monitors — from the FDA 510(k) clearance process. In a notice published Jan. 15, 2021, in the Federal Register, the agency also listed seven types of patient examination gloves that it has decided… […]
  • Medtechs can’t set digital strategies aside – DTW Podcast
    Digital connectivity no longer belongs in the final slides of a medtech company’s pitch deck. In the latest DeviceTalks Weekly podcast, three leaders pushing for connected medical devices explain the need to incorporate data collection and monitoring functionality in new devices: Scott Huennekens, who advanced the “digital surgery” strategy when he helped launch Verb Surgical,… […]
  • Protolabs to acquire 3D Hubs for up to $330M
    Protolabs (NYSE: PRLB) today announced it plans to acquire Amsterdam-based 3D Hubs, an online manufacturing platform that provides engineers with on-demand access to a global network of approximately 240 manufacturing partners. The transaction creates a comprehensive digital manufacturing offer for custom parts, expanding Protolabs’ breadth of capabilities as well as adding a broader offering of pricing and… […]
  • These medtech stocks performed the best in 2020
    While 2020 did not go as planned for anyone, with the twists and turns came opportunities for medtech companies to power forward. Innovations came both as a result of the COVID-19 pandemic and perhaps in spite of the challenges brought on by the virus, highlighted by the increased efforts to produce vaccines and testing while… […]
  • Covestro tests plastics against high-strength hospital disinfectants
    Covestro announced that it recently teamed with disinfectant manufacturer Metrex to test six different Covestro polycarbonate materials against three of Metrex’s products, which are widely used throughout the healthcare industry. As is customary for rapidly assessing the compatibility of plastics to disinfectants, test specimens were pre-strained and underwent several wipe-and-dry cycles with Metrex disinfectants to… […]
  • Integer expands N.Y. battery plant
    Integer announced today that it recently broke ground on an expansion of its Alden, N.Y., facility to accommodate new equipment that will substantially increase the plant’s production capacity for rechargeable Xcellion lithium-ion batteries. The project kicked off in mid-December 2020 and will add both production equipment and a build-out of Integer’s existing facility. The company… […]
  • Diversified Plastics adds high-efficiency vertical presses
    Diversified Plastics (DPI) announced that it recently installed six all-electric vertical injection molding presses. These presses will join DPI’s existing assemblage of vertical presses and provide increased production capacity to meet growing demand from medical device and other original equipment manufacturers (OEMs). DPI uses vertical presses for over-molding and insert-molding, capabilities often required for medical… […]
  • Traco Power expands power supply line for portable medical equipment
    Traco Power announced that it has expanded its TPP 450 high-density 3×5 power supply series. The series now offers Protection Class II models (TPP 450BA-M Open-Frame Models and TPP 450B-M Enclosed with Fan Models), designed for non-stationary requirements where connection to ground is not possible. Key approvals on the original series remain on the expanded… […]
  • Reflow Medical launches low-profile reinforced support catheters
    Reflow Medical today announced it has launched its Reflow Spex Low Profile reinforced support catheters. The Spex LP catheters are designed to provide the lowest profile tip to access and cross the tightest and most complex lesions with a supportive system. They come in 0.014 in. and 0.018 in. sizes and can be combined with… […]
  • Former CDER head Woodcock to lead FDA for now
    FDA veteran Dr. Janet Woodcock has been tapped as interim FDA commissioner by the Biden administration, according to published reports. An article by BioCentury also said that former FDA commissioner David Kessler, who had been mentioned as a possible replacement for current commissioner Stephen Hahn, will be a consultant to the agency but will not… […]

Leave a Reply