The healthcare giant discovered a vulnerability in its J&J Animas OneTouch Ping insulin pump that could allow hackers to overdose diabetic patients with insulin.
Although the company knows of no examples of this occurring, they are advising customers on how to protect from a potential hack, reports Reuters.
The J&J Animas is equipped with a wireless remote control that allows patients to receive a dose of insulin without having to access the device itself. Hackers can potentially spoof communications between the remote and the device.
According to Reuters, the issue is due to the non-encrypted communications.
However, Johnson & Johnson says that the hack would require technical expertise and sophisticated equipment. In addition, the hacker would have to be within 25 feet of the device in order to gain unauthorized access.
Concerned users of the device can discontinue use of the remote control or program the pump to limit the maximum insulin dosage. Johnson & Johnson urges patients to continue use of the device, despite the low risk of the security vulnerabilities, according to Reuters.
If a diabetes patient receives too much insulin, they can suffer from hypoglycemia, which could be life threatening in some cases.
The news comes after concerns over potential vulnerabilities and bugs in pacemakers and defibrillators. Reuters reports that the U.S. Food and Drug Administration (FDA) is preparing formal guidelines on how medical device makers should handle cyber vulnerabilities.
The FDA says it has received no reports of hackers exploiting medical devices and causing harm to patients.