Mention hacking these days and what immediately springs to mind is probably a scandal across the pond involving some tabloids and Rupert Murdoch. Not insulin pumps.
But two lawmakers are requesting a review of the government’s security standards for wireless medical devices after a diabetic discovered how to remotely reprogram his and other people’s insulin pumps.
Reps. Anna Eshoo of California and Edward Markey of Massachusetts, both Democrats, asked the Government Accountability Office, the investigative arm of Congress, to evaluate the Federal Communications Commission’s efforts to identify the risks of implants and other medical devices that use wireless communications technologies.
They cited new research by Jay Radcliffe, 33, a computer security expert from Idaho, who demonstrated at a conference this month that he could hack into an insulin pump he wears on his body and get it to respond to an unauthorized remote control.
Radcliffe told the Associated Press that he experienced “sheer terror” upon finding that “there’s no security around the devices which are a very active part of keeping me alive.”
He didn’t identify the specific vulnerabilities that allowed him to perform the attack, but has privately alerted the devicemaker—which he did not name—about the issues. Others are likely vulnerable as well.
The techniques raise the possibility of someone roaming a hospital’s halls performing sinister attacks. Diabetics could get too much or too little insulin, a hormone they need for proper metabolism.
Similar attacks have also been shown against pacemakers and defibrillators.