Wednesday, October 5, 2016

Johnson & Johnson insulin pump vulnerability

Johnson & Johnson has announced a vulnerability in one of their insulin pumps that could allow an attacker to change dosage levels:
Johnson & Johnson is telling patients that it has learned of a security vulnerability in one of its insulin pumps that a hacker could exploit to overdose diabetic patients with insulin, though it describes the risk as low.

Medical device experts said they believe it was the first time a manufacturer had issued such a warning to patients about a cyber vulnerability, a hot topic in the industry following revelations last month about possible bugs in pacemakers and defibrillators.

J&J executives told Reuters they knew of no examples of attempted hacking attacks on the device, the J&J Animas OneTouch Ping insulin pump. The company is nonetheless warning customers and providing advice on how to fix the problem.
Kudos to J&J - this is exactly how this sort of thing should be done. No stonewalling, just transparency on what the issue is with a fix available.


libertyman said...

I heard someone say "Security was not an afterthought..."

Ken said...

J&J is still the gold standard for crisis communication. We teach Tylenol as a case in b-school. "That's how you do it."