Below you will find the statement I just received from the Director of Global Communications at Animas Corporation. It complements the post with a Q&A issued by Medtronic Minimed yesterday.



The security and safety of our pumpers is of utmost concern to Animas. We have high levels of proprietary security measures in place for all our products, that meet and exceed industry requirements. To date, we are not aware of a single customer complaint or report claiming a security breach with our insulin pumps or wireless glucose management systems.

We are aware of Jerome Radcliffe’s study investigating security attacks on insulin pumps. We closely reviewed his study, which clearly states that the researcher was only able to “hack” into the insulin pump with knowledge of the pump and remote device’s serial numbers.

At Animas, the serial numbers of our products are considered “Personally Identifiable Information,” and as such are closely protected by our privacy policies and security. We protect our patients’ serial numbers with the same protocols we use to protect our patients’ names, social security numbers, and other personal information.

All Animas products and systems are built with encryption algorithms and proprietary radio frequency protocols designed to ensure pairing between a wireless device and pump, and to ensure the devices “speak” to one another in a secure manner. These proprietary algorithms are confirmed between the unique serial numbers of each device. (To ensure our products’ integrity and ability to prevent tampering, Animas cannot share the specific details of these protocols.)

Animas is confident that the security measures we have in place would make it extremely difficult to hack into our products utilizing third party technology.

Thank you again for allowing us to help educate our pumpers on this issue. We appreciate our customers’ trust in us and want to ensure our pumpers that we are committed to delivering the highest quality of products and services, that enhance quality of life.

Tags: animas, pump, statement


Replies to This Discussion

Thanks Manny!
Wow! Never would I have guessed - or even thought - that such a predicament could happen. I am alarmed. However, my trusty Ping is in my pocket. Thank you for the notification! A. K. Buckroth.
so my question, when i read the original story by j. radcliffe, was this.....who would want to kill diabetics, or make them seriously ill?
and my next question was....so the next time my BG is high or low, should i wonder if someone is out there f***ing with my pump?? i don't think i have pissed anyone off enough lately that they would want to mess with my pump.
seriously, i have enough to worry about every day without adding something as ridiculous as this to the mix!!
I agree completely!!!! Who would hack into an insulin pump??? and now all these diabetics who are naive ( no offense to them) who are one shots will never want a pump because it's too dangerous haha. It's kind of ridiculous to even do a study on
If a Glucose Tablet salesman was at a PWD conference, he might force the crowd into a collective hypo so that he could sell some extra product, but that's all I could think of! :)

I'm very surprised that Animas would attempt to develop their own proprietary protocols. Security issues in wireless protocols are well understood and extremely well studied, but many people who are otherwise extremely capable have poor intuitions about security. The *well published* protocols such as Bluetooth have, as a result of being well published, received expert scrutiny necessary for them to be truly secure.

Suppose Animas said, "We use Bluetooth, a well published protocol, and we use it with the highest security available. Once our devices have been paired, which always happens under the control of the user, we are confident our devices are secure." In that case I would not be writing this.

Animas's response, however, is seriously flawed; "to prevent tampering... Animas cannot share the specific details of these protocols." The only interpretation of that statement is that if someone knew the details the protocol would be compromised. That's not true of Bluetooth (for example).

Other details of their response create the distinct impression that they don't know what they are doing; the response implies that security relies on the serial number of the device being secret, that the term "extremely difficult" might impress people who do extremely difficult things as a matter of course (e.g. flatlining BG) and that their adherence to HIPAA somehow magically grants computer system security to their products.

While I agree with what you are saying jbowler I do not really care what Animas' reply is. If someone wanted to spend the time and money figuring out how to hack my pump, even if Animas had a pump that cannot be hacked that same person will find a different way to do me harm.
That is my thought also - if someone wants you dead, they will find a way to do it.
At least part of the problem is that if they can't do basic computer security, to the extent that they can't even issue press releases that can be taken seriously (unlike Medtronic's, which is an excellent example of corporate-speak meaninglessness) then, maybe, Animas can't implement a protocol that is *reliable*.

cf the comments Omnipod users make from time to time about comms failures.

I guess if you don't care, you don't care, but I have a curious, annoying, tendency to care whenever anyone makes a mess of computer security. Too many years hacking computers.
I tend to agree completely with you. Bluetooth utilizes "channel hopping" about 1900 times per minute. Animas utilizes fixed pairs for their Ping system according to their customer material and their FCC (not FDA).

I know my Ping set off an alarm when I was in a secure area because of its RF activity even with its low power. So it looks like Animas has THE PROBLEM.
When I read the original story I thought to myself that this guy's got too much time on his hands. I don't use a pump but if I did I wouldn't let this thought worry me. I wonder about J. Radcliffe's motives. The fear he has caused could most likely cause more damage than the extremely remote possibility this could actually happen.
And then remember the famous saying: "The only thing we have to fear is fear itself" - FDR 1933 ...well before my time :) ....Amen


© 2013   A community of people touched by diabetes, run by the Diabetes Hands Foundation.
