Medtronic Insulin Pump Security Breached

A diabetic patient who is also a computer security specialist said he knows it’s possible to remotely hack into the security of computerized insulin pumps, because he has hacked into his own.

Jay Radcliffe, 33, of Meridian, Idaho, presented this information during a conference sponsored by Black Hat, a Seattle-based group for computer security technologists. He showed the audience how his own pump could be remotely hacked by breaking into it while giving his talk.

Radcliffe said the ability to hack into someone else’s insulin pump could allow the hacker to program a diabetic patient’s pump to deliver the wrong dosage. The pumps are programmed to give individually specific, closely titrated doses of insulin.

The insulin pump manufacturer, Medtronic Inc., admitted to a Reuters reporter that such subterfuge is possible but said the chances of it happening are very remote. In addition, Medtronic said it was going to improve security in its next generation of insulin pumps.

A Medtronic spokeswoman was quoted by the Associated Press (AP) as saying, “the risk of deliberate, malicious, or unauthorized manipulation of our insulin pumps is extremely low.”

Radcliffe said that at first he didn’t reveal the company’s name because he wanted to give it time to address the problem.  He said he contacted Medtronic about the security fallibility of its pump, but the company ignored his emails and telephone calls. At that point, Radcliffe decided to go public.  He also has changed the manufacturer of the pump he wears to one he believes is more secure.

A similar computer vulnerability issue was revealed in 2008 regarding a Medtronic pacemaker and defibrillator, the AP said.

Medtronic, headquartered in Minneapolis, Minnesota, is among the world’s largest medical device manufacturers, with locations worldwide.

(Source: Associated Press)