Exclusive: Medtronic probes insulin pump risks
By Jim Finkle
BOSTON (Reuters) - Medtronic Inc has asked software security experts to investigate the safety of its insulin pumps, as a new claim surfaced that at least one of its devices could be hacked to dose diabetes patients with potentially lethal amounts of insulin.
While there are no known examples of such a cyber attack on a medical device, Medtronic told Reuters that it was doing "everything it can" to address the security flaws.
Security software maker McAfee, which has a health industry business, exposed the new vulnerability in one model of the Medtronic Paradigm insulin pump on Friday and believes there could be similar risks in others.
Medtronic and McAfee declined to say which model is involved or how many such pumps are currently used by patients. It has two models of insulin pumps on the market and supports six older versions, with about 200,000 currently in use by patients.
The finding points to a broader issue -- the potential for cyber attacks on medical devices ranging from diagnostic equipment to pumps and heart defibrillators, which rely on software and wireless technology to work.
"This is an evolution from having to think about security and safety as a healthcare company, and really about keeping people safe on our therapy, to this different question about keeping people safe around criminal or malicious intent," Catherine Szyman, president of Medtronic's diabetes division, said in an interview.
Szyman, whose nephew uses a wearable Medtronic insulin pump, said the company turned to McAfee rival Symantec Corp and other security firms after an independent researcher exposed less serious vulnerabilities in the pumps in August.
Since then, a research team at Intel Corp's McAfee said it has developed code that allows it to gain complete control of the functions of one Medtronic insulin pump model from as far away as 300 feet. Continued...