Johnson & Johnson says people with diabetes don't need to worry about potentially lethal wireless attacks on insulin pumps

It’s like the Overhead Door LLC installing a series of kinetic sculptures close to counterbalance and door release overrides and on a handle. Hardly anybody carries objects longer than 5.3", but someone with a discovery tool like a ruler, a specialist, could cause interference.
So, good going, there’s the Jim Finkle release, it’s done?

someone with a brick…
Brick guns are dad gum dangerous, is that. Did you see @Shteyngart on the VP ‘debate?’ Such gold.

4 Likes

Qui sorois.sorois.secure.sorois.sorois.etre.dulce==0 means different things to different diabetic engineers?

1 Like

Tell that to @beschizza.

5 Likes

Using unsecured communications is definitely bad practice. Even if all that is at risk is patient information, failing to take adequate steps to secure it is probably going to run afoul of HIPAA. If device function and patient safety are at risk, then security is paramount. Many devices go so far as to have “air gap” safety lockouts that prevent the device from doing grossly dangerous things (like delivering an overdose of insulin). In other words, the hardware is built such that it cannot do something obviously dangerous to the patient.

FDA published a final guideline on cybersecurity 2 years ago: FDC Finalizes Cybersecurity Guidance

To guard against vulnerabilities, the FDA urges manufacturers to consider cybersecurity during the design and development phase of the medical device. It also recommends manufacturers establish a cybersecurity vulnerability and management approach as part of their software validation and risk analysis. The approach should address the following elements:

An identification of assets, threats, and vulnerabilities
An assessment of the impact of vulnerabilities on device functionality and end users/patients
An assessment of the likelihood of a threat and a vulnerability being exploited
A determination of risk levels and mitigation strategies
An assessment of residual risk and risk acceptance criteria

The FDA also recommends that medical device manufacturers give justification in their premarket submissions for the security functions they choose for their products. Examples include limiting access to trusted users through such methods as authentication, strong password protection, and physical locks, and ensuring trusted content by restricting software or firmware updates to authenticated code.

One of the more difficult things to do is go back and change existing devices. So if you release a device that has a security flaw that doesn’t pop up until later (either you missed it or new technology enables a breach), there is little incentive and lots of cost associated with creating the fix and getting it approved for release. These aren’t consumer devices that iterate on the order of months - it takes years of development and regulatory review to get even minor changes released.

1 Like

Not yet, but it is a legitimate concern. That said, there is a balance between security vigilance and scaring patients away from medical technology.

A decade ago, media articles created a scare around the use of implantable defibrillators. There were definitely problems with some devices, but there was also no doubt that they saved lives - hundreds of thousands a year. The fear caused by the articles caused some patients who had an indication for a defibrillator to hold off or refuse one. Some of those patients then died of arrhythmias that the defibrillator could have treated. If you do the math on the risk of the device failure versus the number of patients who could have been saved by a defibrillator but were scared out of receiving one, the risk-benefit ratio is overwhelmingly in favor of receiving the device. Many more people were killed by fear of the device than by failed devices. Orders of magnitude more.

So while device manufacturers have an obligation to make their devices secure and reliable, the media also has an obligation to avoid fearmongering among patients who benefit from medical technology.

1 Like

There was a really good article this week on the topic of medical device cybersecurity from Cardiovascular Business: Hackers, Implantable Devices & Threats to Health Systems

Hack after hack in the news, and yet no sign that we’ll ever hold the corporations selling these dangerously vulnerable products to account.

Surely there’s some sort of criminal negligence in allowing your cars’ driving functions to be accessed from the internet, no?

1 Like

I certainly wouldn’t make any assumptions; given the amateur-hour flavor of their security design and response; but it seems pretty likely that these devices have some sort of serial number; and their RF protocol might have something analogous to MAC addresses (not so much because their proprietary protocol necessarily shares much with standard protocols that do have actual MAC addresses; but because ‘all nodes have a unique name so we can tell who is talking’ is such a useful design feature that it crops up in almost any bus or network interface design that is aimed at situations other than ‘2 directly connected devices, period’).

That raises the… potentially interesting… possibility of both user tracking (the remote control presumably needs a way to know that it is successfully talking to the pump; so anyone with the appropriate radio could send out a harmless and mostly invisible ‘hey, can you hear me?’ query to get all local pumps to respond); and also the option of doing targeted kills. Unless the target replaces their pump hardware, they are presumably tagged with the same serial number/ID for a relatively long period of time, so if at any point you are able to match the serial number to the person (whether by interacting with them while running a scanner, or by compromised medical records or the like); you could then flag that ID to receive lethal instructions whenever it comes near a radio you control; or if it comes near a specific radio, or whatever other set of trigger circumstances amuse you.

It’s not high on my list of concerns; but that is one genuinely novel capability compared to traditional ways of killing people. Indiscriminate killing is easy if you have explosives, targeted killing is easy if you are willing to do a bunch of legwork and risk being discovered close to the crime scene; but being able to do a targeted kill remotely; potentially weeks or months in the future, could have some interesting specialist applications.
