Johnson & Johnson Information for VU#884840

Animas OneTouch Ping insulin pump contains multiple vulnerabilities

Status

Affected

Vendor Statement

"There are no plans to release a firmware update, however a notification is being sent to patients and HealthCare Professionals. In addition, there are a number of documented and proprietary mitigating controls in place to ensure the safe delivery of insulin, outlined below.

    i. If patients are concerned about unauthorized access for any reason, the pump’s radio frequency feature can be turned off, which is explained in Chapter 2 of Section III of the OneTouch® Ping® Owner’s Booklet. However, turning off this feature means that the pump and meter will no longer communicate and blood glucose readings will need to be entered manually on the pump.
    ii. If patients choose to use the meter remote feature, another option for protection is to program the OneTouch® Ping® pump to limit the amount of bolus insulin that can be delivered. Bolus deliveries can be limited through a number of customizable settings (maximum bolus amount, 2-hour amount, and total daily dose). Any attempt to exceed or override these settings will trigger a pump alarm and prevent bolus insulin delivery. For more information, please see Chapter 10 of Section I of the OneTouch® Ping® Owner’s Booklet.
    iii. The company also suggests turning on the Vibrating Alert feature of the OneTouch® Ping® System, as described in Chapter 4 of Section I. This notifies the user that a bolus dose is being initiated by the meter remote, which gives the patient the option of canceling the bolus.
    iv. The bolus delivery alert and the customizable limits on bolus insulin can only be enabled on the pump and cannot be altered by the meter remote. This is also true of basal insulin. Patients can also be reminded that any insulin delivery and the source of the delivery (pump or meter remote) are recorded in the pump history, so patients can review the bolus dosing."

    Vendor Information

    We are not aware of further vendor information regarding this vulnerability.

    Vendor References

    None

    Addendum

    There are no additional comments at this time.

    If you have feedback, comments, or additional information about this vulnerability, please send us email.