Hacking Your Medical Device

Hack Me!


Every day we hear how our electronic safety is non-existent. Our eMails are hacked. Yahoo “checks” your eMail on behalf of the US government. Our electric grid is attacked and shut down (thankfully, only in a narrow geographical region and not nationwide- yet!).

Several years ago, I warned folks that our electronic equipment- the ones that keep us alive in hospitals or as we perambulate around (like pacemakers, defibrillators, and insulin pumps)- are easily hacked. (Here are two such articles: One and two.) Folks complained I was overreacting. My reply- BS.

And, now, Johnson & Johnson (J&J), Hospira, and St. Jude Medical admit there are real problems. J&J even sent a warning letter to patients and physicians that their insulin pump is easily hacked. Kind of like we know that some of those “newfangled credit cards” can be read by someone nearby.

https://www.youtube.com/watch?v=rhW7DM48Qy8

If one is close by (I don’t mean standing next to you- but up to 25 feet away) to a patient whose diabetes is controlled by the OneTouch Ping insulin pump, then the radio signal it emits is easily hacked to begin pumping insulin- too much insulin to the patient. Of course, J&J “tut-tutted” the danger- kind of like the way the US government responded when they left thousands of citizens just as vulnerable to hackers- with their security data, their social security information, and who knows what else.

There are some 115K of these J&J devices out there (that’s in the US and Canada). And, it is one of the prime choices for parents who can remotely access and operate the pump for their kids. (Hmm. Didn’t these adults realize that if they can do it, someone else surely can?)

Hospira was warned by the FDA that their infusion systems are leaving patients at risk, because a hacker can change the drug delivery rate (intravenously or IV) to patients.

But, the St. Jude case seems more problematic to me. This time, there’s a cybersecurity firm (the recently incorporated MedSec) involved. Cybersecurity experts normally try to hack devices and, then, let the manufacturers know when they succeed- so there can be a fix made. But, that’s not how MedSec operates. Nope. This firm hooked up with a hedge fund firm (actually, this hedge fund, Muddy Waters, under control of Robert Bryan, set up MedSec) and Carson Block (who routinely shorts- or bets against the stock price of- firms) to profit off their findings.

Which they did when they found St. Jude defibrillators and pacemakers easily hacked. (St. Jude is attempting to sue these folks for harming their performance. Good luck- St. Jude is clearly the one that failed to effect proper design. But, that shouldn’t allow MedSec, Carson Block, or Muddy Waters to do what they did.)

Don’t think for a second that it’s just these three firms that are leaving patients at risk. Read my articles cited above- and you can see that almost all those electronic devices that we think save our lives or make them better can easily be hacked to leave us in deep trouble.

Let the Cyberwars begin. Um…. Let them continue?

(You did notice I didn’t bring in the Russian hacking of the Democratic Party, the US/Israeli hack of Siemens [who were violating the Iranian embargo] centrifuges, among other items. I am only discussing the risk to our lives from hacking medical devices today.)

9 thoughts on “Hack Me!”

  1. Thanks very much for this information. It makes sense, and my husband works with these medical devices. I’ll mention this to him, and if he has input, I’ll post it in the comments.

  2. We live in a world that increasingly has danger we don’t understand – my husband keeps saying “this is going to end badly”. He may be right, because we refuse to face this danger head on.
