Insulin pumps and other medical devices ‘hackable’

A diabetic security researcher has identified flaws that could allow an attacker to remotely control insulin pumps and alter the readouts of blood-sugar monitors. As a result, diabetics could get too much or too little insulin, a hormone they need for proper metabolism.

According to Jay Radcliffe, a diabetic who experimented on his own equipment released his findings at the Black Hat computer security conference in Las Vegas. He said, “My initial reaction was that this was really cool from a technical perspective… The second reaction was one of maybe sheer terror, to know that there's no security around the devices which are a very active part of keeping me alive.”

Increasingly, medical devices such as pacemakers, operating room monitors and surgical instruments including deep-brain stimulators are being made with the ability to transmit vital health information from a patient's body to doctors and other professionals. Some devices can be remotely controlled by medical professionals.

There have been no reported attempts at hacking but his findings raise fears about the safety of medical devices as they're brought into the Internet age. Serious attacks have already been demonstrated against pacemakers and defibrillators. Medical device makers downplay the threat from such attacks. They argue that the demonstrated attacks have been performed by skilled security researchers and are unlikely to occur in the real world. But there is no saying if there would be not attempts and no one successful with them.

Though there has been a push to automate medical devices and include wireless chips, the devices are typically too small to house processors powerful enough to perform advanced encryption to scramble their communications. As a result, most devices are vulnerable.

Radcliffe wears an insulin pump that can be used with a special remote control to administer insulin. He found that the pump can be reprogrammed to respond to a stranger's remote. All he needed was a USB device that can be easily obtained from eBay or medical supply companies. Radcliffe, who is 33 and lives in Meridian, Idaho, tested only one brand of insulin pump — his own — but said others could be vulnerable as well.

Radcliffe also found that it was possible to tamper with a second device he wears. He found that he could intercept signals sent wirelessly from a sensor to a machine that displays blood-sugar levels. By broadcasting a signal that is stronger than the real-time, authentic readings, the monitor would be tricked into displaying old information over and over. As a result, a patient who didn't notice wouldn't adjust insulin dosage properly. With a powerful enough antenna, Radcliffe said, an attacker could be up to half a mile away. This attack worked on two different blood-sugar monitors, Radcliffe said.

Everybody's pushing the technology to do more and more and more, and like any technology that's pushed like that, security is an afterthought,” Radcliffe said. Radcliffe refused to identify any of the three device makers, in part out of concern for his own safety. He is concerned that the devices don't appear to have an easy way to be updated with new software to fix the problems. He said he intends to notify the manufacturers after Thursday's presentation outlining the weaknesses.

The hacking fears come on top of human errors and technical glitches tied to medical devices. The U.S. Food and Drug Administration has identified software and design errors as critical concerns in investigating hundreds of deaths potentially linked to drug pumps. FDA officials declined to comment specifically on Radcliffe's findings, saying they hadn't seen the research. But the FDA said that any medical device with wireless communication components can fall victim to eavesdropping. It warns device makers that they are responsible for making sure they can update equipment after it's sold.

Industry officials responded by defending themselves. “The risk to a patient with diabetes of having their monitors hacked is extraordinarily small, and there's a greater health risk of not monitoring than the risk of being hacked,” said Wanda Moebius, a vice president at the Advanced Medical Technology Association, an industry group.

Yoshi Kohno, a University of Washington professor of computer science, said that Radcliffe's new research reinforces the urgency of addressing security issues in medical devices before attacks move out of research labs. “The threat hasn't manifested yet, so what they and we are trying to do is see what the risk could be in the future,” said Kohno, who wasn't part of Radcliffe's research.

Radcliffe said the point of his research is not to alarm people. He said the issues he's discovered are important to address publicly as the medical industry moves aggressively toward more networked devices. “It would only take one person to do this to kill someone and then you have a catastrophe,” he said.

Dr. Ananya Mandal

Written by

Dr. Ananya Mandal

Dr. Ananya Mandal is a doctor by profession, lecturer by vocation and a medical writer by passion. She specialized in Clinical Pharmacology after her bachelor's (MBBS). For her, health communication is not just writing complicated reviews for professionals but making medical knowledge understandable and available to the general public as well.

Citations

Please use one of the following formats to cite this article in your essay, paper or report:

  • APA

    Mandal, Ananya. (2020, April 03). Insulin pumps and other medical devices ‘hackable’. News-Medical. Retrieved on December 23, 2024 from https://www.news-medical.net/news/20110805/Insulin-pumps-and-other-medical-devices-hackable.aspx.

  • MLA

    Mandal, Ananya. "Insulin pumps and other medical devices ‘hackable’". News-Medical. 23 December 2024. <https://www.news-medical.net/news/20110805/Insulin-pumps-and-other-medical-devices-hackable.aspx>.

  • Chicago

    Mandal, Ananya. "Insulin pumps and other medical devices ‘hackable’". News-Medical. https://www.news-medical.net/news/20110805/Insulin-pumps-and-other-medical-devices-hackable.aspx. (accessed December 23, 2024).

  • Harvard

    Mandal, Ananya. 2020. Insulin pumps and other medical devices ‘hackable’. News-Medical, viewed 23 December 2024, https://www.news-medical.net/news/20110805/Insulin-pumps-and-other-medical-devices-hackable.aspx.

Comments

The opinions expressed here are the views of the writer and do not necessarily reflect the views and opinions of News Medical.
Post a new comment
Post

While we only use edited and approved content for Azthena answers, it may on occasions provide incorrect responses. Please confirm any data provided with the related suppliers or authors. We do not provide medical advice, if you search for medical information you must always consult a medical professional before acting on any information provided.

Your questions, but not your email details will be shared with OpenAI and retained for 30 days in accordance with their privacy principles.

Please do not ask questions that use sensitive or confidential information.

Read the full Terms & Conditions.

You might also like...
Study unlocks the secrets of beta cell regeneration