Today the Federal Drug Administration confirmed reports that
a death from insulin overdose earlier this week in New York City was the result
of the hack of the Robotron IPumpe worn by the patient. FDA spokesperson Clark
Stanley told reporters that the unnamed patient had been using the insulin pump
for over a year with no problems and that the pump log showed an unauthorized
change in pump rate just before the patient went into an insulin shock. The
patient was declared dead upon arrival at Emanuel Unity Hospital.
“We are working with ECS-CERT and the Federal Bureau of
Inquiry in our investigation of this incident,” Stanley told reporters.
“The attacker was able to gain access to the pump programing
via the Ripple20 vulnerabilities reported earlier this month,” Immanuel C.
Securitage, spokesman for the ECS-CERT told reporters; “The access to the
device was via the Bluetooth service that is designed for use by physicians to
program the device.”
Last week Robotron published a security advisory for the
Ripple20 vulnerabilities in their Healthcare product line. The IPumpe had been
identified as an affected product, but that “there is no risk to the patient
because the device is not connected to the Interent.” Robotron has not replied
to requests for comment.
Johnathan Quest, the FBI spokesperson confirmed that: “The
Bureau has identified a person of interest in this case and is continuing its
investigation.”
CAUTIONARY NOTE: This is a future
news story –
No comments:
Post a Comment