Computer security firm StaffSecurity has revealed flaws in the software controlling insulin pumps that could allow malicious attackers to take control of the pump and even endanger the health of the user.

The vulnerability was revealed at a computer security conference held in Las Vegas. Jay Radcliffe, himself a diabetic, broke the news about the security flaws: “My initial reaction was that this was really cool from a technical perspective. The second reaction was one of maybe sheer terror, to know that there’s no security around the devices which are a very active part of keeping me alive,” said Radcliffe. If hackers were able to exploit the flaws in the devices, they could alter their operation and modify the wearer’s insulin levels.

Research teams at the Massachusetts Institute of Technology and University of Massachusetts are staying one step ahead of these vulnerabilities, already working to remove the security flaws. The teams are developing jammers that patients would wear, thereby disrupting any attempts to execute malicious software through a wireless connection to the pump.

Hackers have exposed security flaws in medical devices in the past. The 2009 Conficker viruses infected hospital computer systems and hundreds of MRI devices around the world, although there was no damage reported. The research teams at MIT and the University of Massachusetts stress that while the security flaws are serious and could potentially cause health problems, there have been no reports in which medical devices were intentionally used to threaten a patient’s health. The teams are working to stay a step ahead of software vulnerabilities and to close them before they become a problem.