(Reuters) - The following is the text of a letter mailed to patients on Monday by Johnson & Johnson's Animas diabetes unit describing a cyber security vulnerability in its Animas OneTouch Ping insulin pump:
"Dear Valued Animas® OneTouch® Ping® Pump User,
Since 2008, the OneTouch® Ping® insulin pump system has been helping people with diabetes perform at their best, and we are committed to providing our customers with safe and reliable products.
We have been notified of a cybersecurity issue with the OneTouch® Ping®, specifically that a person could potentially gain unauthorized access to the pump through its unencrypted radio frequency communication system. We want you to know that Animas has investigated this issue and has worked with the appropriate regulatory authorities and security experts, as we are always evaluating ways to further ensure patient safety and security.
We also want to assure you that the probability of unauthorized access to the One Touch® Ping® System is extremely low. It would require technical expertise, sophisticated equipment and proximity to the pump, as the OneTouch Ping® system is not connected to the internet or to any external network. In addition, the system has multiple safeguards to protect its integrity and prevent unauthorized action.
If you are concerned about unauthorized access for any reason, the pump’s radio frequency feature can be turned off, which is explained in Chapter 2 of Section III of the OneTouch® Ping® Owner’s Booklet. However, turning off this feature means that the pump and meter will no longer communicate and blood glucose readings will need to be entered manually on the pump.
If you choose to use the meter remote feature, another option for protection is to program the OneTouch® Ping® pump to limit the amount of bolus insulin that can be delivered. Bolus deliveries can be limited through a number of customizable settings (maximum bolus amount, 2-hour amount, and total daily dose). Any attempt to exceed or override these settings will trigger a pump alarm and prevent bolus insulin delivery. For more information, please see Chapter 10 of Section I of the OneTouch® Ping® Owner’s Booklet.
We also suggest turning on the Vibrating Alert feature of the OneTouch® Ping® System, as described in Chapter 4 of Section I. This notifies the user that a bolus dose is being initiated by the meter remote, which gives the patient the option of canceling the bolus.
The bolus delivery alert and the customizable limits on bolus insulin can only be enabled on the pump and cannot be altered by the meter remote. This is also true of basal insulin. We also remind you that any insulin delivery and the source of the delivery (pump or meter remote) are recorded in the pump history, so you can review the bolus dosing.
The OneTouch® Ping® System continues to be safe and effective for helping you manage your diabetes. If you have any questions, please contact Animas Customer Technical Support at RA-ANMUS-CustomSupp@its.jnj.com or 1-877-937-7867.
Reporting by Jim Finkle; editing by Jonathan Weber and Grant McCool