Fenwick privacy of counsel Hanley Chew was quoted in the Law360 article “J&J Mea Culpa May Help Contain Device Data Security Fallout” (subscription required). Law360 reported that Johnson & Johnson's disclosure that its insulin pump is vulnerable to hackers will likely draw interest from both consumers and regulators who may cast a critical eye on the connected device's lack of encryption.
Chew discussed what the company’s disclosure indicates, and how its decision to reveal the security risk before a breach occurred could help it stave off some backlash.
"What this disclosure highlights is that when you have an unencrypted communication or network, there is always the risk and potential for unauthorized access by hackers,” Chew said.
“Encryption of communications and networks is always a really good security practice, and I think by not encrypting their communications for this insulin pump device, they're opening themselves up not only to negligence claims but also to possible scrutiny and enforcement action by the U.S. Food and Drug Administration.”