ICSMA-16-279-01 · Published 2025-06-05
Animas OneTouch Ping Insulin Pump Vulnerabilities
CVSS 6.5 (MEDIUM)
CVEs (3)
Remediations
- Animas does not plan to release a firmware update to address the identified vulnerabilities. Animas reports that customer notifications are being sent to patients and healthcare professionals; the notification is available on Animas’ web site at the following location: https://www.animas.com/sites/default/files/pdf/FINAL%20Letter%20to%20patients%20regarding%20OTP_10.04.16.16_WEB%20VERSION.PDF
- Animas has provided the following compensating controls to help reduce the risk associated with the exploitation of the identified vulnerabilities:
  - The pump’s radio frequency feature can be turned off, which is explained in Chapter 2 of Section III of the OneTouch Ping Owner’s Booklet. However, turning off this feature means that the pump and meter remote will no longer communicate and blood glucose readings will need to be entered manually on the pump.
  - If patients choose to use the meter remote feature, another option for protection is to program the OneTouch Ping pump to limit the amount of bolus insulin that can be delivered. Bolus deliveries can be limited through a number of customizable settings (maximum bolus amount, 2-hour amount, and total daily dose). Any attempt to exceed or override these settings will trigger a pump alarm and prevent bolus insulin delivery. For more information, please see Chapter 10 of Section I of the OneTouch Ping Owner’s Booklet.
  - Animas also suggests turning on the Vibrating Alert feature of the OneTouch Ping system, as described in Chapter 4 of Section I. This notifies the user that a bolus dose is being initiated by the meter remote, which gives the patient the option of canceling the bolus.
  - The bolus delivery alert and the customizable limits on bolus insulin can only be enabled on the pump and cannot be altered by the meter remote. This is also true of basal insulin. Patients can also be reminded that any insulin delivery and the source of the delivery (pump or meter remote) are recorded in the pump history, so patients can review the bolus dosing.
- For additional information about the vulnerabilities or the compensating controls, users can contact Animas Customer Technical Support at [email protected] or 1-877-937-7867.
Affected Vendors
Animas
Affected Products (1)
Animas · OneTouch Ping insulin pump system · vers:all/*