Are medical hardware device vulnerabilities purely a technical problem, or is a culture of insecurity behind the scenes to blame?
Researchers at Rapid7 disclosed three vulnerabilities in the Animas OneTouch Ping insulin pump that were admittedly at low risk of wide-scale exploitation. That said, the potential was still there for an attacker to deliver unauthorized insulin injections to the user.
There are a number of reasons why this particular incident raised so many red flags here at SCMagazineUK.com. Firstly, the potential payload is death; there’s no getting around that one simple fact. Secondly, Jay Radcliffe, the researcher involved, had disclosed vulnerabilities in an insulin device some five years before. Thirdly, we warned about drug infusion pump vulnerabilities ourselves last year. Finally, the responses from Animas’ parent company, Johnson & Johnson, left much to be desired.