Can Medical Devices Be Hacked? Johnson & Johnson Says Yes.

- October 5th, 2016

Johnson & Johnson is warning customers that its Animas OneTouch Ping Insulin pump can be hacked—a cybersecurity vulnerability that could be deadly.

Johnson & Johnson (NYSE:JNJ) is warning customers that its Animas OneTouch Ping Insulin pump can be hacked—a cybersecurity vulnerability that could be deadly. And while the FDA says it knows of zero medical device hacking attempts to date, the subject is one of growing concern. In fact, St. Jude Medical (NYSE:STJ) was accused of ignoring serious cybersecurity vulnerabilities in its own medical devices just last month.
So can medical devices be hacked? Absolutely.
With the Animas OneTouch Ping Insulin pump, for example, hackers may tamper with unencrypted communications between a wireless remote and the pump itself, triggering a potential insulin overdose in users.
And while Johnson & Johnson says the threat is minimal—the hacker would need significant technical knowledge and be standing no more than 25 feet away—the mere possibility of an attack on patients has caused the company to take rapid action.
After verifying the vulnerabilities, first discovered by Rapid7’s Jay Radcliffe, and consulting with the FDA, Johnson & Johnson sent a letter to 114,000 users in North America explaining the security issue and how it could be resolved.
The company recommends discontinuing use of the wireless remote or setting a maximum dose limit on the device itself, steps that Radcliffe deemed sufficient: as he told Fortune, “They can give peace of mind to to the patient or parent of a child using the device.”
But the solution isn’t always so simple. St. Jude Medical, for example, was accused of multiple vulnerabilities in its products—ones so severe that the devices would all need to be recalled. “There is a strong possibility that close to half of STJ’s revenue is about to disappear for approximately two years,” the report from Muddy Waters Research claimed.
No wonder that medical device manufacturers, as well as the FDA, are starting to reexamine the question of cybersecurity.
By sending that letter to customers, Johnson & Johnson became the first medical device manufacturer to ever warn customers about a hacking threat—but they probably won’t be the last. In fact, the FDA is betting on it.
The regulatory body is currently formulating guidelines for medical manufacturers on how they should respond to reports on their products’ cybersecurity—such as those that came out of Muddy Waters Research or Rapid7 in recent months. That suggests they see this as ongoing issue going forward—and therefore, it’s something investors should pay attention to.

  Life Science and Healthcare Investing report cover

Life Science and Healthcare Investing in 2021

The life science and healthcare market is a booming, multi-billion dollar industry. Read our 2021 life science outlook report!

A cybersecurity scandal, verified or not, has the potential to derail a company. Just look at St. Jude Medical: the company says accusations against their products are unfounded, and yet the stock still dropped four percent as a result.
Now, the company is wrapped up in a lawsuit as they attempt to close an acquisition deal with Abbott Laboratories (NYSE:ABT)—hardly an ideal situation.
Proactive measures would seem to be a company’s best defense. Johnson & Johnson, for example, informed customers of the cybersecurity vulnerability on September 26, 2016, before Rapid7 published their report. In the days since, the company’s stock has been minimally affected: in fact, it actually gained .01 percent between September 26 and October 4.

Don’t forget to follow us @INN_LifeScience for real-time news updates.

Securities Disclosure: I, Chelsea Pratt, hold no direct investment interest in any company mentioned in this article.

  Life Science and Healthcare Investing in 2020 report cover

An Overview for Investors

COVID-19 continues to impact world markets. Get INN’s overview of coronavirus investing.

Get the latest Medical Device Investing stock information

Get the latest information about companies associated with Medical Device Investing Delivered directly to your inbox.

Medical Device Investing

Select None
Select All

Leave a Reply