Further Response to Insulin Pump Hacking
Dear Valued Customers,
This week there have been additional stories about wireless tampering of insulin pumps and Medtronic’s information security efforts. We wrote an initial blog but wanted to follow up with more information as it is important that you feel safe when wearing your device. First, I’d like to reiterate that we take your well-being and personal security very seriously. In fact, we have already been working over the past several years to incorporate powerful encryption and security measures into our next generation products, including insulin pumps,
But that is not all. We regularly attend industry conferences – including sending engineers to this year’s Black Hat conference where the demonstration originated – to incorporate the latest research into our design process. In addition, we collaborate with outside security experts and across business units to design our products with information security in mind and create rigorous, complex safeguards. And, as always, we closely monitor and follow up on reports from patients as part of our commitment to safety.
However, it is important to note that Medtronic believes the risk of deliberate, malicious, or unauthorized manipulation of our insulin pumps is extremely low. To our knowledge, there has never been a single reported incident of a deliberate attack on an insulin pump user in more than 25 years of insulin pump use.
Of course, communicating that this risk is extremely low doesn’t mean we don’t take the issue seriously. We are committed to protecting your safety through new therapy innovation and security measures.
Finally, in further media interviews the researcher pointed that a portion of our previous blog about turning OFF the wireless feature could use further clarification. We were trying to address what we believed would be your primary concern about whether an insulin pump remote, meter or continuous glucose monitoring device could be used to tamper with your insulin pump. To clarify, the researcher was unable to tamper with the insulin pump through these devices. However, if you are concerned with wireless tampering from these devices, you can turn off your insulin pump’s wireless communications with your meter, CGM or insulin pump remote. You cannot turn off the wireless connection to your USB device. However, the pump will not recognize commands from the USB device without the proper insulin pump serial number.
If you’re still concerned, we recommend that you protect the serial number of your pump as you would your social security number, passwords and other important personal information. As always, it is also important to monitor your blood sugar frequently and before making any therapy decisions, which may further safeguard you in the unlikely scenario that someone would maliciously tamper with your insulin pump.
I am always here if you have any further questions,
Amanda, on behalf of your Medtronic Family