Johnson & Johnson warns insulin pumps can be hacked

Johnson & Johnson has issued a written warning to users of its Animas OneTouch Ping insulin pump users that a cyber security issue could allow a person to hack into it using its unencrypted radio frequency communication system.  That would allow someone to pump a very high dosage of insulin into the user, which could lead to an overdose.

Despite issuing the warning, the company says the probability of someone getting into the device was "extremely low".  It claims it would require technical expertise, sophisticated equipment and proximity to the pump, as the OneTouch Ping® system is not connected to the internet or to any external network.

Johnson & Johnson says there have been no reports of the pumps actually being hacked.  The security flaw was uncovered by a computer security company.

The company says the pump’s radio frequency feature can be turned off but that would mean that the pump and meter would no longer communicate and blood glucose readings will need to be entered manually on the pump.

More than 100,000 of the devices are in use in the United States and Canada.  They are sold by Animas Corporation, a subsidiary of Johnson & Johnson.