Could a technologically sophisticated hacker threaten patients’ lives by secretly attacking their medical devices?

Reuters reports that concerns about such a possibility have prompted the giant medical technology company, Medtronic, to ask software security experts to investigate the safety of its insulin pumps. Currently, about 200,000 Medtronic insulin pumps are being used by diabetic patients.

In August, Medtronic said security flaws in its implanted insulin pumps could allow hackers to remotely take control of the devices. Then, on Friday, a more serious risk in a Medtronic Paradigm insulin pump was exposed by a software security company, McAfee, touching off fears that other models of the device also could be vulnerable.

A McAfee executive said its company’s research team developed a way to gain complete control of the Medtronic insulin pump from as far away as 300 feet, with a Windows PC and an antennae that communicates with the medical device over the same radio spectrum used by some cordless phones. But the executive added that McAfee, which wants to draw the attention of regulators and manufacturers to electronic security flaws, has found no evidence that any hacker has tried to exploit the insulin pump vulnerability.

Medtronic, in a recent statement on its website, also said it knew of no such attacks, and added that the company “believes the risk of deliberate, malicious, or unauthorized manipulation of our insulin pumps is extremely low.” Still, the company has said that patients should check their insulin pumps if they have a suspicious encounter.

The pumps are used to inject insulin, a hormone that needs to be bolstered in diabetics so that their bodies can convert glucose into energy. But when too much insulin is released into the bloodstream, a person’s blood sugar can become too low, a condition known as hypoglycemia. In severe cases, hypoglycemia can lead to seizures, coma and death.


Related Post:
Leaky Insulin Pumps Spur Latest Johnson & Johnson Recall