| Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to a security vulnerability in a medical device, specifically the J&J Animas OneTouch Ping insulin pump, occurred within Johnson & Johnson. The company issued warnings to patients about the cyber vulnerability in the insulin pump and provided advice on how to mitigate the risks [48877].
(b) The article mentions a previous incident involving allegations of potentially life-threatening cyber vulnerabilities in heart devices from St. Jude Medical Inc. This incident led to a public disclosure and investigation by the U.S. Food and Drug Administration (FDA) [48877]. Additionally, the FDA had previously issued warnings about cyber bugs in infusion pumps from Hospira, which has since been acquired by Pfizer Inc [48877]. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident in the article is related to the design phase. The vulnerability in the J&J Animas OneTouch Ping insulin pump was due to the lack of encryption in the communications between the wireless remote control and the pump, allowing a hacker to potentially spoof communications and deliver unauthorized insulin injections [48877].
(b) The software failure incident is also related to the operation phase. The potential risk of a hacker exploiting the vulnerability in the insulin pump to overdose diabetic patients with insulin would occur during the operation of the device when a patient uses the wireless remote control to order the pump to dose insulin [48877]. |
| Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident related to the Johnson & Johnson insulin pump, specifically the OneTouch Ping system, was due to vulnerabilities within the system itself. The incident involved a security vulnerability that could be exploited by hackers to potentially overdose diabetic patients with insulin. The vulnerability was related to the lack of encryption in the communications between the wireless remote control and the insulin pump, allowing for unauthorized insulin injections to be forced [48877]. This indicates that the failure originated from within the system itself, highlighting a flaw in the design and implementation of the software within the medical device. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in this case was primarily due to non-human actions, specifically a security vulnerability in the J&J Animas OneTouch Ping insulin pump that could be exploited by a hacker to overdose diabetic patients with insulin. The vulnerability allowed for unauthorized insulin injections by spoofing communications between the wireless remote control and the insulin pump, as these communications were not encrypted to prevent unauthorized access [48877].
(b) However, human actions were also involved in addressing the issue. J&J executives worked with a diabetic and researcher from a cyber security firm to identify and address the security issues in the pump. They reviewed the matter with the FDA and collaborated with security researchers to mitigate and disclose the vulnerability. J&J's Chief Information Security Officer mentioned that her team would ensure that other J&J products do not have similar bugs, indicating human actions taken to prevent future incidents [48877]. |
| Dimension (Hardware/Software) |
software |
(a) The software failure incident related to hardware:
The software failure incident reported in the articles is not directly related to hardware issues. The vulnerability in the Johnson & Johnson Animas OneTouch Ping insulin pump was due to a cyber vulnerability that could be exploited by hackers to overdose diabetic patients with insulin. The vulnerability stemmed from the lack of encryption in the communication between the wireless remote control and the insulin pump, allowing for unauthorized insulin injections [48877].
(b) The software failure incident related to software:
The software failure incident in this case is directly related to software issues. The vulnerability in the Johnson & Johnson Animas OneTouch Ping insulin pump was a result of software-related factors, specifically the lack of encryption in the communication protocol between the remote control and the insulin pump. This software vulnerability allowed hackers to potentially manipulate the pump to deliver unauthorized insulin doses, posing a risk to patient safety [48877]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident in this case is malicious. The vulnerability in the J&J Animas OneTouch Ping insulin pump was identified as a security vulnerability that a hacker could exploit to overdose diabetic patients with insulin. The hacker could potentially force the pump to deliver unauthorized insulin injections by spoofing communications between the remote control and the pump. This type of attack could lead to serious consequences such as hypoglycemia, which can be life-threatening [48877].
(b) The software failure incident is non-malicious in the sense that the company, Johnson & Johnson, took proactive steps to address the vulnerability once it was identified. They worked with the researcher who discovered the vulnerability, Jay Radcliffe, to address the security issues. Additionally, the FDA praised both J&J and Rapid7 for their work in discovering, mitigating, and disclosing the vulnerability in a collaborative manner to protect patients [48877]. |
| Intent (Poor/Accidental Decisions) |
poor_decisions, accidental_decisions |
(a) The software failure incident related to the security vulnerability in Johnson & Johnson's insulin pump, the OneTouch Ping, can be attributed to poor decisions. The vulnerability that could potentially allow hackers to overdose diabetic patients with insulin was due to the lack of encryption in the communication between the wireless remote control and the pump. This poor decision to not encrypt the communication contributed to the security flaw [48877].
(b) Additionally, the incident can also be linked to accidental decisions or unintended consequences. While the company believed the probability of unauthorized access to the system was low, the discovery of vulnerabilities by a diabetic and researcher with cyber security firm Rapid7 Inc highlighted the unintended consequences of not securing the communication between the remote control and the pump, leading to potential risks for patients [48877]. |
| Capability (Incompetence/Accidental) |
development_incompetence, accidental |
(a) The software failure incident related to development incompetence is evident in the article. Johnson & Johnson issued a warning to patients about a security vulnerability in its insulin pump, the J&J Animas OneTouch Ping, that could be exploited by hackers to overdose diabetic patients with insulin. The vulnerability was identified by a diabetic and researcher with cyber security firm Rapid7 Inc, Jay Radcliffe, who found ways for a hacker to spoof communications between the remote control and the insulin pump, potentially causing unauthorized insulin injections [48877].
(b) The software failure incident related to accidental factors is also present in the article. The vulnerability in the insulin pump system was due to unencrypted communications between the remote control and the pump, making it susceptible to hacking. This lack of encryption was a design flaw that allowed for potential unauthorized access and insulin dosing from a distance, highlighting an accidental introduction of a vulnerability in the system [48877]. |
| Duration |
temporary |
The software failure incident related to the security vulnerability in Johnson & Johnson's Animas OneTouch Ping insulin pump can be considered a temporary failure. This is because the vulnerability was identified by a researcher with cyber security firm Rapid7 Inc, who reported the vulnerabilities to J&J in April [48877]. J&J executives worked on the security issues with the researcher, and steps were taken to mitigate the risks, such as providing advice to customers on how to fix the problem, including discontinuing the use of the wireless remote control and programming the pump to limit the maximum insulin dose [48877]. Additionally, the FDA praised J&J and Rapid7 for their work in discovering, finding ways to mitigate, and disclosing the vulnerability, indicating proactive behavior in addressing the issue [48877]. |
| Behaviour |
value, other |
(a) crash: The software failure incident in the article does not involve a crash where the system loses state and does not perform any of its intended functions. The vulnerability in the insulin pump system does not lead to a complete system failure but rather a potential security risk that could result in unauthorized insulin injections [48877].
(b) omission: The incident does not involve the system omitting to perform its intended functions at an instance(s). Instead, the vulnerability allows for potential unauthorized insulin dosing, which is an unintended action [48877].
(c) timing: The failure is not related to the system performing its intended functions correctly but too late or too early. The issue here is not about timing but about the potential for unauthorized insulin dosing due to a security vulnerability [48877].
(d) value: The software failure incident does involve the system performing its intended functions incorrectly. The vulnerability in the insulin pump system could potentially lead to unauthorized insulin injections, which is an incorrect action that could harm patients [48877].
(e) byzantine: The incident does not exhibit a byzantine behavior where the system behaves erroneously with inconsistent responses and interactions. The vulnerability in the system does not involve inconsistent responses but rather a potential security loophole that could be exploited for unauthorized actions [48877].
(f) other: The behavior of the software failure incident can be categorized as a security vulnerability leading to potential harm rather than a traditional software failure like a crash or timing issue. The incident involves a cybersecurity risk where a hacker could exploit the system to overdose diabetic patients with insulin, highlighting the importance of addressing security vulnerabilities in medical devices [48877]. |