How Hackable is the One Touch Ping Pump?
Experts talk about how to minimize, eliminate the risk
With commentary by Jay Radcliffe, senior consultant, Rapid 7, Boston, and Kevin Fu, PhD, CEO, Virta Labs, Ann Arbor.
Initially, this week's news was scary indeed for the more than 100,000 U.S. and Canadian users of the OneTouch Ping Insulin pump. Cyber security expert Jay Radcliffe of Rapid 7 security firm in Boston had discovered that the pump's technology was hackable and could lead to an insulin overdose.
The pump, with its remote meter, allows users to deliver a dose of insulin without accessing the pump itself, typically worn under clothes. But Radcliffe found that a hacker could potentially gain unauthorized access to the pump by way of its radio frequency communication system, which is unencrypted.
And that could mean delivering a dangerous overdose of insulin, leading to potentially life-threatening hypoglycemia.
Although the threat is real, the risk of the hacking actually occurring is low, agree Radcliffe and officials at Animas, the Johnson & Johnson company that makes the system. It launched in 2008.
And, if users are still worried, there are workarounds, agree Radcliffe and J&J. Patients who worry about the hacking possibility "can make the decision to turn off the remote feature," Radcliffe tells Endocrine Web. "It eliminates the risk."
This week, J&J sent letters to pump users and health care professionals, says Donna Lorenson, a J&J spokesperson, and the option of turning off the remote feature is also outlined in that communication. Radcliffe says his company and J&J have tested that option and found that it works.
The letters also describe how else users can lower the hacking risk, besides turning off the remote feature.
- Continue to use the meter remote feature, but program the pump to limit the amount of bolus insulin that can be delivered. A number of settings can be customized to allow this, such as setting a maximum bolus amount, a two-hour amount or a total daily dose. If an attempt is made to override or exceed these amounts, the pump alarm will sound and prevent the delivery.
- Turn on the vibrating alert feature, which will notify users that a bolus dose is starting. The user can then cancel this.
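As an added illustration (not the pump's firmware or any J&J code), the following Python model shows how the three configurable limits named above bound what any bolus request can deliver, regardless of who or what sends it. The limit values, the rolling-window accounting and the request sequence are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class BolusLimits:
    """User-programmed caps (constructed values; not a clinical recommendation)."""
    max_bolus: float      # units allowed in a single bolus
    two_hour_max: float   # units allowed in any rolling 2-hour window
    daily_max: float      # units allowed in any rolling 24-hour window


@dataclass
class DoseGuard:
    """Models the pump-side check that alarms and refuses out-of-limit requests."""
    limits: BolusLimits
    history: List[Tuple[float, float]] = field(default_factory=list)  # (time_s, units)

    def _delivered_since(self, now: float, window_s: float) -> float:
        return sum(u for t, u in self.history if now - t < window_s)

    def request(self, now: float, units: float) -> Tuple[bool, str]:
        """Return (delivered, message); any refusal is an alarm event."""
        if units <= 0:
            return False, "ALARM: invalid bolus amount"
        if units > self.limits.max_bolus:
            return False, f"ALARM: {units}U exceeds max bolus {self.limits.max_bolus}U"
        if self._delivered_since(now, 2 * 3600) + units > self.limits.two_hour_max:
            return False, "ALARM: two-hour limit would be exceeded"
        if self._delivered_since(now, 24 * 3600) + units > self.limits.daily_max:
            return False, "ALARM: total daily dose would be exceeded"
        self.history.append((now, units))
        return True, f"delivered {units}U"


def simulate() -> List[Tuple[bool, str]]:
    """Constructed scenario: routine boluses followed by an oversized remote request."""
    guard = DoseGuard(BolusLimits(max_bolus=8.0, two_hour_max=12.0, daily_max=40.0))
    events = [(0, 6.0), (1800, 5.0), (3600, 4.0), (5400, 25.0), (9000, 3.0)]
    return [guard.request(t, u) for t, u in events]


if __name__ == "__main__":
    for ok, msg in simulate():
        print("OK  " if ok else "REFUSED", msg)
```

The worst case a spoofed remote command can achieve is capped at the programmed limits, which is why the letter lists them as a mitigation even when the remote feature stays on.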
In the letters to patients and health care professionals, J&J also notes that hacking the system "would require technical expertise, sophisticated equipment and proximity to the pump, as the OneTouch Ping system is not connected to the internet or to any external network."
Radcliffe, who has type 1 diabetes, used the pump for over two years; that is when he discovered the potential for hacking. (He now relies on manual injections of insulin, but says he switched to that method only because it was now medically best for him.) He would have no hesitation, he says, in allowing a family member to use the OneTouch, if the device was deemed best for them.
He worked with J&J to be sure his firm and the pump makers are issuing the same safety information in the wake of the discovery about the hacking potential. "They aren't paying us to do any work," he says of J&J.
Are other, similar devices vulnerable to hacking? "I don't know, as each of these devices is proprietary," Radcliffe says. "I can't speak to that." However, he says, "just about every piece of software does have vulnerability."
Kevin Fu, CEO of Virta Labs, a healthcare security company, puts it more bluntly. "The dirty secret is that most medical devices were designed before manufacturers fully appreciated cybersecurity risks," he tells EndocrineWeb. However, he tempers the criticism with perspective. "But it's not a reason to run for the hills. Patients prescribed an infusion pump are far safer with the device than without."
Devices are getting better and more secure, Fu says. "But we still have a long way to go."
What to Do
All agree on what's best for OneTouch users: Talk to your doctor, especially if you're still worried about hacking.
"Patients should talk with their physicians and regularly apply software updates," Fu says.
Pump users should express their concerns to their doctor, Radcliffe says, and understand that they can choose how or if to use the devices.
Animas invites users to contact its customer support at Ra-Anmus-CustomSupp@its.jnj.com or 877-937-7867.