NEW BRUNSWICK, NEW JERSEY — Pharma giant Johnson & Johnson is warning diabetic patients that hackers could exploit a security flaw in one of its devices to deliver a lethal dose of insulin.
The Johnson & Johnson OneTouch Ping system delivers insulin through a catheter. The device is sold with a wireless remote control.
The system is vulnerable to hacking because the signal from the remote control to the device is not encrypted, Reuters reported.
Tests by the company confirmed that hackers could order the device to pump insulin from a distance of up to 25 feet.
Johnson & Johnson advised concerned patients not to use the remote control and to program the pump to limit the maximum insulin dose.
In a letter to patients, the company stressed that the threat from hacking was minimal as hackers would require sophisticated equipment and proximity to the pump. It added that no hacking attempts had been reported by the 114,000 patients who use the device in the U.S. and Canada.
Diabetic patients use insulin pumps to control blood sugar levels. Giving a patient too much insulin could cause low blood sugar, which in some cases may prove fatal.