The Invisible Threat
The coronavirus isn’t the only invisible threat we’re facing these days. As the diabetes device world continues to become interconnected with information being seamlessly shared a new hidden threat has emerged. Just the other day the Department of Homeland Security issued an advisory regarding the OmniPod PDM. The advisory states;
“Successful exploitation of this vulnerability may allow an attacker to gain access to the affected products to intercept, modify, or interfere with the wireless RF (radio frequency) communications to or from the product. This may allow attackers to read sensitive data, change pump settings, or control insulin delivery.”
Insulet isn’t the first insulin pump company to deal with this issue as Medtronic has also been hit with this same issue. Now before we go any further a few very important items;
1. Insulet to their credit hired a third party to investigate any possible cyber threats and further to their credit reported the results of the investigation which resulted in the above noted advisory.
2. While this issue is very real and is a huge potential threat no one in the insulin pump community sees this as an immediate threat. Thankfully all the insulin pump companies are talking steps to ensure the safety of their systems. As we keep stating insulin may be a life sustaining drug but it also a lethal drug when dosed improperly, hence the reason insulin pump companies are taking this matter seriously.
3. Given the movement towards interoperability this is the area we see the biggest potential threat and not just with insulin pumps. Any system which is involved in the insulin dosing process and reports results via the cloud faces this threat. Hence this is an issue facing Dexcom and Abbott, who like the insulin pump companies are taking this threat seriously.
The real concern we have is not with companies like Tandem, Insulet, Medtronic, Dexcom or Abbott. These companies understand the threat and have the resources to deal with it. No the concern we have is for every patient using an off the shelf non-FDA approved system. To be clear here we are in no way implying that the makers of these systems are not aware of the threat rather our concern is are they equipped to deal with the threat.
From the beginning the we want it yesterday movement has pushed the edge of the envelope. To their credit they have forced the conventional insulin pump companies to rethink how their systems work. However an Achilles heel of this movement has been the disjointed efforts to handle patient support. Sure interoperability is great when all the links in the chain work as designed. The problem comes when one of the links doesn’t work.
As insulin delivery becomes more automated with the patient making fewer decisions it’s imperative that these systems are secure. It’s equally imperative that the manufacturers of these systems have the resources and infrastructure in place to deal with an attack should it happen. As we are learning with the coronavirus, another threat that many thought unlikely, things like supply chain and preplanning can make the difference between life and death. Who in the right mind would have thought only a few weeks ago that something as inconsequential as facemask would become a lifesaving scare tool? That ventilators would be a critical medical device.
The major established diabetes device makers also have another reason to take this matter seriously. Not to be crude about this but these are for-profit entities who have a responsibility to their stakeholders. While the efforts of the we want it yesterday are noble who holds these groups accountable. What recourse does the patient have should they get bad information. Again let’s be clear here we are not saying these groups do not care about patients, quite the contrary they care deeply about patients. However being unregulated and not subject to any fiduciary responsibility where is the accountability when something goes wrong.
With all the strides we have made over the years one thing hasn’t and never will change when it comes to medical devices. Medical devices can and do fail or malfunction. Thankfully the established companies are taking this matter seriously but even with their efforts they understand they cannot let their guard down.
As Momma Kliff used to say insurance is one of the few things you buy hoping you never need it but your grateful that you have it when it is needed. Let’s hope and pray that this invisible threat remains just that a threat and never ever rears its ugly head. However as we are seeing right this very moment invisible threats are very real and should not be dismissed just because they seem unimaginable.