Insulin pump hack exposes medical device danger

A computer threat analyst on Saturday will show a gathering of hackers how easy it is to wirelessly take control of an insulin pump on which a diabetic's life could hinge.


Jerome "Jay" Radcliffe's demonstration at DefCon in Las Vegas will spotlight a critical need to build software defense into pace makers, insulin pumps and other medical gadgets getting "smarter" with computer chips.

"If you look at the history of hacking medical devices, worms and viruses are running rampant," said 'informatics nurse' and hacker Brad Smith, who specializes in medical software.

The list of medical gadgets vulnerable to being hacked wirelessly includes pace makers, intravenous pumps, and blood pressure cuffs, according to Smith.

Radcliffe was diagnosed with diabetes about 11 years ago, when he was 22, and recently employed his software skills to find out whether an insulin pump trusted to keep his blood sugar levels safe could be hacked.

He found he could remotely toy with dosage levels or turn it off.

"It turns out that with this model there is no security," Radcliffe said. "All you need is a serial number to talk to it."

He said that prices of insulin pumps, which cost in the thousands of dollars, precluded him from expanding his research to determine how widespread the vulnerability is.

Radcliffe didn't disclose his insulin pump model nor did he outline critical details of the hack to allow time for the maker to address the situation and to avoid tempting DefCon attendees known for software mischief.

"We are not talking about $200 dollars on someone's credit card," Radcliffe said in a reference to hacks for profit. "We are talking about somebody's life."

Medical devices built with wireless connectivity can face the kinds of cyber attacks launched on smartphones, tablets, or laptop computers with similar capabilities, according to Smith.

"We have talked about this in the medical community forever," Smith said. "We have swept it under the carpet."

Radcliffe was wearing his insulin pump at DefCon on Friday and urged diabetics not to panic.

"I'm target Number One right here in the middle of all these hackers, and I have my pump on," he told AFP. "I hope that tells people how worried they should be."

He has shared his findings with the pump maker and been approached by a rival company that boasted of building in strong software defenses.

About The Operating Theatre Journal

The Operating Theatre Journal, OTJ, is published monthly and distributed to every hospital operating theatre department in the UK. The distribution includes both the National Health Service and the Private Sector.

More »
Follow & Share

Follow The Operating Theatre Journal on Facebook Follow The Operating Theatre Journal on Twitter Follow The Operating Theatre Journal on LinkedIn Follow The Operating Theatre Journal RSS Feed

Help & Support

Problems with, or comments about, this website may be emailed to:

Get in touch

Telephone: +44 (0)2921 680068
Skype: Lawrand Ltd
Email: admin@lawrand.com