More

Insulin Pump Hacking Prompts Lawmakers To Take Action

Insulin Pump Hacking

08/19/11 07:06 PM ET   AP

Inspiring
 Funny
 Obsolete
 Scary
 Must-Have
 Amazing
 Innovative
 Nerdy

SAN FRANCISCO — Two lawmakers are requesting a review of the government's security standards for wireless medical devices after a diabetic discovered how to remotely reprogram his and other people's insulin pumps.

Reps. Anna Eshoo of California and Edward Markey of Massachusetts, both Democrats, asked the Government Accountability Office, the investigative arm of Congress, to evaluate the Federal Communications Commission's efforts to identify the risks of implants and other medical devices that use wireless communications technologies.

They cited new research by Jay Radcliffe, a 33-year-old computer security expert from Idaho, who demonstrated at a conference this month that he could hack into an insulin pump he wears on his body and get it to respond to an unauthorized remote control.

He didn't identify the specific vulnerabilities that allowed him to perform the attack, but has privately alerted the device maker – which he did not name – about the issues. Others are likely vulnerable as well.

The techniques raise the possibility of someone roaming a hospital's halls performing sinister attacks. Diabetics could get too much or too little insulin, a hormone they need for proper metabolism.

Similar attacks have also been shown against pacemakers and defibrillators.

Radcliffe told The Associated Press that he experienced "sheer terror" upon finding that "there's no security around the devices which are a very active part of keeping me alive."

The U.S. Food and Drug Administration has said that any medical device with wireless communication components can fall victim to eavesdropping. It warns device makers that they are responsible for securing their equipment.

Eshoo and Markey wrote in a letter dated Monday that they would like the GAO to investigate the extent to which the FCC, which establishes technical requirements for radio communications, is ensuring the safety of wireless medical devices and coordinating with the FDA.

"In bringing forward innovative wireless technologies and devices for healthcare, it's critical that these devices are able to operate together and with other hospital equipment, and not interfere with each other's activities and data transmissions," they wrote. "It's also important that such devices operate in a safe, reliable, and secure manner."

FOLLOW HUFFPOST TECH

SAN FRANCISCO — Two lawmakers are requesting a review of the government's security standards for wireless medical devices after a diabetic discovered how to remotely reprogram his and other peop...
SAN FRANCISCO — Two lawmakers are requesting a review of the government's security standards for wireless medical devices after a diabetic discovered how to remotely reprogram his and other peop...
Related News On Huffington Post:
 

Filed by Bianca Bosker  | 

More in Technology...


 
 
  • Comments
  • 16
  • Pending Comments
  • 0
  • View FAQ
Comments are closed for this entry
View All
Favorites
Recency  | 
Popularity
HUFFPOST SUPER USER
libnlandofthelost
Mrs. Curmudgeon
180 Fans
12:08 AM on 08/23/2011
This makes for a good plot line for CSI, but it takes more than hacking knowlege to screw with a pump to make it deliver a lethal dose of insulin. If someone is awake, they'll know notice their sugar dropping. People make programming errors anyway, they are taught to respond appropriately.
I wonder what can be done to an ICD or pacemaker by hacking it. Its not possible to just fire ICD, which will kill someone who is in a normal rythm. You turn them off with a magnet, you don't have to hack it. Not sure you could change a pacemaker's settings if you were that far away from the device itself either.
Sounds like James Patterson could come up with a great book out of this though.
Permalink  |
photo
HUFFPOST SUPER USER
TruEngineHearing
Happiness needs new pursuers...
782 Fans
10:41 AM on 08/23/2011
I hope you doubts are correct. But the scenario of someone walking through a hospital - or senior center - futzing with people's pacemakers or defibrillator's might be a great book - but later; now it's "sheer terror", as the guy said...
Permalink  |
photo
Mitchman57
I might be indecisive. But... maybe not.
429 Fans
08:51 AM on 08/22/2011
Once again, the boot of big government on the throat of free Americans. I wonder if this agency will disappear in 2012?
Permalink  |
whinenot
Actions speak louder than words.
503 Fans
11:42 PM on 08/21/2011
This is very disturbing. I know folks who use insulin pumps and this could literally kill an individual if the pump was programmed in the middle of the night to deliver large doses of insulin to a sleeping diabetic. Here is my suggestion for a law...automatic life sentence without parole if found to have hacked person's insulin pump. Or better yet, make the hacker wear the pump and then program it to give massive dosages of insulin to the hacker. Manufacturers need to get their act together immediately.
Permalink  |
photo
HUFFPOST SUPER USER
JohnTheMac
Now, why don't you go home and get your shine box?
164 Fans
11:57 PM on 08/21/2011
" Or better yet, make the hacker wear the pump and then program it to give massive dosages of insulin to the hacker."

No, if you 'hack' into anyones medical devices, guess what? You're paying back society!
You have 2 kidneys, 2 eyes, right? Guess what? You're donating one each. You're also gonna give a few pints of blood, bone marrow, and hair for cancer victims.
i.e. YOU will be hacked, for hacking.
Permalink  |
photo
Mitchman57
I might be indecisive. But... maybe not.
429 Fans
08:52 AM on 08/22/2011
Fanned
Permalink  |
photo
HUFFPOST SUPER USER
rotorhead1871
who are you jivin' with that cosmic debris?...
283 Fans
10:15 PM on 08/21/2011
these mfg's have paid no attention to this issue, time to play catch up!!
Permalink  |
photo
soundping
America: Love it or leave it !
592 Fans
08:51 PM on 08/21/2011
They just need to add encryption with password wall. Similar too a wireless router.
Permalink  |
photo
HUFFPOST SUPER USER
JohnTheMac
Now, why don't you go home and get your shine box?
164 Fans
07:52 PM on 08/21/2011
How many carbs in Spam?
Permalink  |
photo
HUFFPOST SUPER USER
dngrwill
The Past, by definition, must lose
72 Fans
07:04 PM on 08/21/2011
Life is balancing risk and reward. This is not a risk worth paying attention to. Also, the 'hacker' took his apart and physically modified it. Not sure people will stay still as the 'hackers' try to open the pump....
Permalink  |
photo
HUFFPOST SUPER USER
MikeyJaii
Socialism.
186 Fans
 
06:17 PM on 08/21/2011
Wow. Extremely dangerous. Especially if a nut head hacker decides to cause hurt.
Permalink  |
photo
Thundermonty
2 Fans
 
12:01 AM on 08/22/2011
yeah that would be bad. i wonder what happens when they get too much insulin. maybe they turn into insulin-loaded diabetic zombies.
Permalink  |
HUFFPOST SUPER USER
WthyrBendragon
Java junkie. Beverage or code, take your pick.
130 Fans
 
08:13 AM on 08/23/2011
I think the actual trouble starts with something called insulin shock.
Permalink  |
photo
HUFFPOST SUPER USER
Indrid Cold
All that glitters . . . is . . . Cold . . .
167 Fans
 
07:56 PM on 08/23/2011
That was so bad you get punished with a LOL badge . . . .
Permalink  |
This user has chosen to opt out of the Badges program
photo
Inannawhimsey
82 Fans
05:38 PM on 08/21/2011
Someone tell Homeguard Insecurity -- someone, somewhere, might be having too much Freedom ;3
Permalink  |
photo
Lahonda
Bynocent Instander
2201 Fans
05:35 PM on 08/21/2011
Kind of puts a whole new twist on it when industry secures your car's ignition in the parking better than they secure your pacemaker, huh?
Permalink  |