For people who suffer from diabetes, the insulin pump has revolutionized the management of the condition. The device is not only convenient, but it can help manage insulin levels to ensure patients avoid dangerous diabetes complications. Unfortunately, the devices might not be as safe as previously thought. Healthcare giant Johnson & Johnson (J&J) is warning patients that its insulin pump is vulnerable to hacking. J&J has stated its devices have a security vulnerability that could be exploited by hackers to administer an overdose of insulin.

The FDA approved the device, the Animas OneTouch Ping insulin pump, in 2008. The Animas consists of a small wireless remote control, approximately the size of a cell phone, and a small pump that administers insulin.

The Animas is susceptible to hacking because the communication between remote and the insulin pump is not encrypted. Hackers could mimic the communication and cause unauthorized dosages. J&J has assured patients the risk of hacking is extremely low, and that any hacker “would require technical expertise, sophisticated equipment, and proximity to the pump” to successfully hack the device.

If a device was hacked and a patient overdosed on insulin, they could suffer hypoglycemia, a life-threatening condition where a person is suffering from low blood sugar.

The warning is the first of its kind to ever be issued with regard to the cybersecurity of medical devices. The revelation of cybersecurity risks makes some critics worry other digital medical devices could also be hacked. In early August, allegations were made that a heart device from St. Jude’s hospital was vulnerable to cybersecurity issues and the FDA began an investigation.

The warning comes at a trying time for J&J, as the company currently faces a baby powder ovarian cancer trial and a Pinnacle hip implant trial before the end of this calendar year.