Threat to Johnson & Johnson’s cyber-security could lead to insulin overdose

Another hacking scandal comes from beneath the murky waters of the World Wide Web.

This time, it’s Johnson & Johnson.

The pharmaceutical manufacturers are warning patients of a cyber-attack where a hacker is thought to have access to the medical pumps that could administer more insulin than necessary, causing diabetic patients to overdose.

It goes without saying, this is a potentially serious issue.

The potential security threat was initially discovered by senior security consultant Jay Radcliffe, who found that hackers could gain access because communication on the OneTouch Ping system was not encrypted. Had the data been encrypted, it would be harder for an unauthorised person to access the information. In short, encryption turns sensitive information into data that is unintelligible to an unauthorised person.

Without getting too technical, the OneTouch Ping system allows patients to use a wireless remote control to pump in their required dose of insulin. By not having the protection of an encrypted form of communication, a hacker could trick the remote control and trigger unauthorised insulin injections. The increased injections could potentially harm users, causing them to have a hypoglycemic reaction.

As far as we’re aware, no one has suffered as a result of the problem so far; and hopefully no one will!

Playing it down

The company recently released a statement to combat any potential wild theories, saying:

“…the probability of unauthorised access to the OneTouch Ping system is extremely low.”

They continue to say that it’s not a cause for panic, and that it’s safe and reliable to use. But people can minimise the risk of an attack by not using the remote control, and by programming the pump to limit the maximum dosage.

This may not stop thousands of users from panicking though.

114,000 patients informed

Moving forward, standard encryption with a unique key pair could solve these issues and ease worries about any future cyber-attack. In the meantime, J&J has sent out letters to doctors and around 114,000 patients to warn them of the cyber-attack and the safety precautions they can take.

First time for a medical device hack?

This may be the first time that a medical device manufacturer has announced a potential cyber-security problem affecting a product. The announcement may have been made to ensure protection against any potential risk, so it can be seen as possibly commendable that the manufacturer took such pre-emptive actions.

Then again, we can never be too careful when it comes to cyber security and people’s health.

In another similar case, pacemaker manufacturer St Jude Medical was accused of having a security flaw, but they subsequently sued the company that released the rumours, which were later found to be untrue. If companies and organisations are open and transparent with their customers, this may enhance their credibility as a company. J&J’s shares stayed almost the same post-revelation, which could be because they kept their customers well-informed.

As technology expands, there are always going to be greater, inevitable security risks. Companies like J&J should keep their customers well-informed of any security vulnerabilities, even if it’s a small one. When you compare this with Yahoo, who allegedly took up to two years to release the information that 500 million of their customers’ accounts had been hacked, we see two very different stances.

Moral of the story: keep your customers happy by keeping them in the know.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

www.dataleaklawyers.co.uk is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'