MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

Home » UPDATE – Insulin pump hacker outs Medtronic, company responds

UPDATE – Insulin pump hacker outs Medtronic, company responds

By

Hackers

The security expert who hacked his own insulin pump revealed that the device came from Medtronic Inc. (NYSE:MDT), and accused the med-tech giant of ignoring his warnings.

Today the Natick, Mass.-based med-tech giant posted its official response to the hullabaloo, writing that it takes device information security very seriously but sees malicious medical device hacking as a very low threat.

"As technology evolves, we will continually incorporate measures to maintain information security while ensuring our devices meet their intended purpose of improving and extending lives," according to a statement on the company’s site.

Medtronic says it keeps a watchful eye on the security landscape and incorporates the latest research findings into its design process, which is why it attends conferences like the Black Hat meeting in Las Vegas this month where reports of hacking an insulin pump first emerged.

Jay Radcliffe, a diabetic and cyber threat intelligence analyst at IBM, presented results from experimenting on his own insulin pump at the Black Hat security conference, but he never revealed the brand of the pump in question or how he exploited its vulnerabilities.

"My initial reaction was that this was really cool from a technical perspective," Radcliffe told reporters. "The second reaction was one of maybe sheer terror, to know that there’s no security around the devices which are a very active part of keeping me alive."

"This is a pretty rare incident. We’ve never had a real report of a real hacking case affecting anybody," Medtronic’s newly minted CEO said during a shareholder conference last week. "We take our security seriously – but we also consider it a very unlikely event."

After feeling dismissed by Medtronic and taking exception to public comments from the company, Radcliffe took the issue to the the public in order to pressure the company into making some changes, the Associated Press reported. Radcliffe claims the Dept. of Homeland Security made an introduction between him and the company, but calls and emails still went unanswered.

"We’ve never been contacted by the Department of Homeland Security," Medtronic spokesperson Steve Cragle told MassDevice. He insisted that the company was taking Radcliffe’s findings into consideration in an internal investigation. "We’ve been very open to his concerns."

Cragle called Radcliffe’s claims that calls and emails were ignored "just false," and was unstirred by Radcliffe’s promise to expose the pump’s vulnerabilities.

"We have already been working over the past several years to incorporate powerful encryption and security measures into our next generation products, including insulin pumps," according to MDT’s statement. " In addition, we collaborate with outside security experts and across business units to design our products with information security in mind to create rigorous, complex safeguards."

Minneapolis, Minn.-based Medtronic seemed skeptical of the Radcliffe’s anecdotal evidence shortly after the presentation made headlines, saying that his direct access to the pump and remote device and that his conscious decision to turn on the wireless feature of the pump were beyond the type of access a malicious hacker could reasonably have.

Radcliffe responded that the wireless feature he exploited can’t be accessed or switched off.

"To our knowledge, there has never been a single reported incident outside of controlled laboratory experiments in more than 30 years of device telemetry use, which includes millions of devices worldwide," a director of PR from Medtronic’s insulin pump subsidiary MiniMed Inc. told TuDiabetes.org, an online social network for diabetics.

All instances of hacked medical devices so far have come from research teams who had access to the devices and specialized equipment, not likely for real-world hackers. Just in case, researchers at MIT are working on a defensive device to jam unwanted signals from malicious sources.

Radcliffe’s story recently got the attention of several members of Congress, who urged the Government Accountability Office to investigate the safety and security of wireless medical devices.

In case you missed it

RSS From Medical Design & Outsourcing

  • Ga. warehouse workers sue Sterigenics, ConMed over EtO exposure
    Fifty-three people who worked in an Atlanta-area warehouse that stored medical devices sterilized by ethylene oxide (EtO) filed suit this week against Sterigenics and its parent company over exposure to the gas. The plaintiffs or their families claim that long-term EtO exposure to the sterilized devices, which they unloaded, handled, warehoused and distributed, caused multiple… […]
  • FDA eases regs on certain device changes during pandemic
    The FDA will allow limited changes to certain devices so medtech companies can address manufacturing and supply chain issues due to COVID-19-related disruptions. In a guidance released yesterday, the agency said it would allow changes to devices approved through its premarket approval (PMA) and humanitarian device exemption (HDE) pathways as long as those changes do… […]
  • 15 heart devices that could boost their manufacturers’ sales
    Before the coronavirus pandemic hit, medtech companies large and small were making notable news with a number of innovative heart devices. Some of these same companies took a big hit to their bottom lines when the danger of spreading COVID-19 and using up precious personal protective equipment convinced hospitals to limit non-urgent procedures. Now hospitals… […]
  • This wearable could help people practice safe distancing amid COVID-19
    Imec spinoff Lopos, with the Ghent University (Belgium) announced the Lopos SafeDistance wearable for promoting safety during the COVID-19 pandemic. As businesses attempt to return to in-person activities, the collaboration designed the wearable device to warn employees through an audible or haptic alarm when they are violating social distancing guidelines as they approach each other.… […]
  • FDA launches COVID-19 research initiative
    The FDA has entered an agreement with healthcare analytics company Aetion to research urgent questions about COVID-19. The New York City-based company said the research will support FDA objectives to explore the natural history of the disease, as well as treatment and diagnostic patterns using relevant, novel data sources and analyzing these data according to well-established principles.… […]
  • Medtronic execs see quick recovery, increased M&A
    If Medtronic’s troubling Q4 report offers a snapshot of a company hit hard by COVID-19, the next image in the sequence may show a faster-than-expected recovery and increased merger-and-acquisition of smaller companies. In the quarterly call on Thursday morning, Medtronic CEO Geoff Martha and CFO Karen Parkhill expressed optimism that the company’s businesses already are showing signs… […]
  • Webinar: How COVID-19 is changing medical device regulation, clinical trials and reimbursement
    Tuesday, June 23, 2020 11:30 a.m. eastern time / 8:30 a.m. pacific time     As the life sciences industry works to contain the COVID-19 outbreak, it is clear that the dynamics of the medical device and digital health industries are being disrupted. Going virtual is the new normal and executives of medtech and healthtech… […]
  • IMDRF recommends UL 2900 compliance for medical device cybersecurity
    By Stewart Eisenhart, Emergo Group Recent guidance published by the International Medical Devices Regulators Forum (IMDRF) that covers medical device cybersecurity best practices includes recommendations that manufacturers comply with the UL 2900 set of standards for network-connectable devices. Get the full story here at the Emergo Group’s blog. The opinions expressed in this blog post… […]
  • Goddard teams with Swab56 on COVID-19 test swabs
    Mechanical engineering and industrial design company Goddard announced that it is working with the Swab56 Project to rapidly increase the production of Swab56’s test swabs, which are used in healthcare facilities to test for COVID-19. As news reports have documented, traditional nasopharyngeal swabs are in short supply as healthcare facilities around the world struggle to keep… […]
  • This patient-mover got an emergency COVID-19 nod from the FDA
    AR Tech, a division of A&R Tarpaulins, announced today that the FDA has granted an EUA for its Patient Isolation Transportation Unit (PITU) to help hospitals better manage the COVID-19 pandemic. “PITU is a game-changer in this fight against the pandemic because it is a negative pressure isolation enclosure that makes working with highly contagious diseases… […]
  • Sommetrics lands ISO 13485 certification
    Sleep apnea treatment device startup Sommetrics announced yesterday that its quality management system has been certified to the ISO 13485:2016 standard. During the audit process required for certification, Sommetrics was also evaluated and found to be in compliance with the standards of the Medical Device Single Audit Program (MDSAP) for Canada. “This is an important… […]

Leave a Reply

MASSDEVICE MEDICAL NETWORK

DeviceTalks
Drug Delivery Business News
Medical Design & Outsourcing
Medical Tubing + Extrusion

MASSDEVICE

Subscribe to MassDevice
Advertise with us
About
Contact us

Add us on Facebook Follow us on Twitter Connect with us on LinkedIn Follow us on YouTube