Things Are Changing!

The migration of TuDiabetes has begun

Content created between now and the launch of our new site on April 20th will NOT be moved to that new home, but our community values and Terms of Service still apply during this time.We are not accepting new members during this transition period. If you want to join the TuDiabetes community please send an e-mail to We will send you an invitation to join after the migration is completed.

Read about the migration and see images of the new site!

Are Insulin Pumps Subject To Hacking?

The short answer is that if you own a Medtronic insulin pump that is able to transmit data to a computer, then it is not a secure device. What does that mean? According to numerous news reports dating back to as early as 2008, a hacker has showed a proof of concept device and software hack that can take control of most Medtronic insulin pumps.

In 2011, in Miami, Barnaby Jack of McAfee, demonstrated a tool to take control of a Medtronic pump, deliver a massive dose of insulin, retrieve the data stored on the device or change the settings. Further the demonstrated device could scan a large crowd of people acquire a pump up to 300 ft. away perform its dastardly intent. (

Barnaby reported that the hack worked on almost all Medtronic pumps because most have wireless capability. So, is this limited to Medtronic devices? Probably not, Medtronic was chosen because they are one of the largest pump manufacturers. It is likely devices with similar wireless capability are able to be hacked, though I could not find articles dealing with other manufacturers.

Insulin pumps are just the latest medical device shown to be insecure. Jack and a separate researcher showed a proof of concept for hacking a pace maker ( In fact the FDA issued a letter of guidance to hospitals warning of the manipulation of computer aided machines in hospitals. Their advice suggested that older windows controlled devices were likely not being updated and thus were easily available for hacking (

Oh just for fun one hack involved producing a battery warning on an insulin pump, causing the user to change the battery and then during the startup instantly exposing the device to external control ( In this story there is proof of concept that some 300 medical devices, mostly in hospitals, have a terrible tendency to be hacked. It is scary concept but the biggest issue is likely pacemakers and insulin pumps.

Should we be worried? Probably not at this time, let’s face it there is little upside to remotely hacking an insulin pump. Hackers are primarily interested in two things, money and mischief. The money motivation is difficult to imagine. In the proof of concept the hacker needs to be within 300 feet of the target. If you are being blackmailed, moving outside that range solves the issue.

The bigger issue is likely mischief, and frankly most mischief is carried out by youth. Sure there may be some fun in messing with pumps, but the down side is you could get life in prison so is it really something to attack? Frankly the bigger issue is likely hospital equipment. Say someone hates a hospital it is likely they could wreak havoc just for fun or I suppose blackmail. But in order to do that, they would need near access and likely the ability to keep the machines updated, since these devices are often turned off and reset.

Still this is a problem. Why? Because it is doable one knows once it is shown it can be done, someone else will try it. It is just too tempting a target. Will it be aimed at Medtronic insulin pumps alone? Probably not. Let’s say I can remotely deliver 300 units to you. What fun do I get out of that? Maybe if I am a hacker, I might hate someone so much I try to mess them up by messing with their insulin pump, but again you have the big down side.

One writer speculated that an angry spouse could someday commit the perfect crime by hacking their partners pump, but surely there are better ways to check people out of the world. Personally, I would be more concerned about schools. There is no evidence that any of these hacks have escaped into the wild. But if a pump hack did escape, I would be concerned about kids at school, who might for the heck of it try one of these things. In the meantime, we shall hope the hacks are not released and that Medtronic and other pump manufacturers make a more secure interface. Bluetooth which is often used is an incredibly insecure wireless connection. It may be possible to develop proprietary connections and wired access for uploading information.

Finally, the argument is that these standards are lose so users and emergency room personnel need to access the pump without a security setting, both for convenience and immediate access in case of an emergency. Ahh hackers, can’t live with them and you can’t live with them. (yes I meant to say that)



Views: 230

Tags: blog, hacking, insulin, pumps

Comment by shoshana27 on November 14, 2013 at 6:56am


Comment by David Eddy on November 14, 2013 at 11:38am


Have them hack my Omnipod so it will work with the Dexcom now that Insulet has given up on Dex and is going to come up with their own CGM! Just let me know where to stand. :)

Comment by rick (aka: #blankieboy) on November 15, 2013 at 4:14am

David, you stand 30 feet to the left and at the exact moment of the hack you need to clap your hands to the tune, Santa Claus is coming to town. Sorry it is a requirement.


You need to be a member of Diabetes community by Diabetes Hands Foundation: TuDiabetes to add comments!

Join Diabetes community by Diabetes Hands Foundation: TuDiabetes



From the Diabetes Hands Foundation blog...

DHF Joins Diabetes Advocacy Alliance

Diabetes Hands Foundation is incredibly honored to join the Diabetes Advocacy Alliance, an organization with the drive and potential to affect a powerful, positive impact on diabetes and healthcare policy. Diabetes Advocacy Alliance is a 20-member coalition of leading professional Read on! →

Helmsley Charitable Trust Renews Support for DHF

HELMSLEY CHARITABLE TRUST GRANTS SUPPORT TO DIABETES HANDS FOUNDATION FOR FOURTH YEAR  Funding in 2015 to support major transitions in programs and leadership at Diabetes Hands Foundation BERKELEY, CA: February 18, 2015 – The Leona M. and Harry B. Helmsley Read on! →

Diabetes Hands Foundation Team


Melissa Lee
(Interim Executive Director, Editor, has type 1)

Manny Hernandez
(Co-Founder, has LADA)

Emily Coles (Head of Communities, has type 1)

Mila Ferrer
(EsTuDiabetes Community Manager, mother of a child with type 1)

Mike Lawson
(Head of Experience, has type 1)

Corinna Cornejo
(Director of Operations and Development, has type 2)

Desiree Johnson  (Administrative and Programs Assistant, has type 1)


Lead Administrator

Brian (bsc) (has type 2)


Lorraine (mother of type 1)
Marie B (has type 1)

DanP (has Type 1)

Gary (has type 2)

David (has type 2)


LIKE us on Facebook

Spread the word


This website is certified by Health On the Net Foundation. Click to verify. This site complies with the HONcode standard for trustworthy health information: verify here.

© 2015   A community of people touched by diabetes, run by the Diabetes Hands Foundation.

Badges  |  Contact Us  |  Terms of Service