Tuesday, January 17, 2017

On Diabetes Devices and Cybersecurity

http://type2diabetestreatment.net/diabetes-mellitus/on-diabetes-devices-and-cybersecurity/

Chances are that your insulin pump or other diabetes device won’t be threatening your life via evil hacking any time soon, despite what Hollywood, the media, and conspiracy theorists may try to say otherwise.

But the potential is there for some lower-level security breaches in medical technology and that's enough to cause concern.

Seriously, it's hard not to be somewhat jittery about hacking and cybersecurity these days, with all the breaches we hear about. I've personally had two notices in the past year from healthcare providers and one from an insurer saying my information had been "compromised" -- meaning my name, address, social security number, and health data were in the hands of... someone who may misuse it.

That's why government officials, FDA regulators, and citizen hackers are working proactively to address cybersecurity concerns in diabetes before they become a reality.

Diabetes Technology Society (DTS) Addresses Cybersecurity

Right now, the Northern California-based Diabetes Technology Society is leading the charge, with cybersecurity being a key theme at the organization’s annual meeting held this past week in Bethesda, MD, on Oct. 23-24. We weren't there, but from the meeting agenda it looked like a great lineup.

The Friday Opening Keynote speaker was scheduled to be Daniel B. Prieto, Director of Cybersecurity, Privacy and Civil Liberties for the National Security Council at the White House! He wasn't actually able to attend last-minute, but having his ear on this topic is pretty high-level involvement for something like diabetes device hacking.

The meeting also featured a comprehensive session on the topic that included a presentation by Bryan Cunningham of the Cybersecurity and Public Policy firm Cunningham Levy Muse on “Identifying and Addressing Potential Cybersecurity Legal Liability Risks for the Diabetes Device Community.”

That was followed by an expert panel discussion on DTS’ proposed solution to the problem: a new industry-wide CyberSecurity Standard.

First announced in June at the big annual American Diabetes Association conference, the DTSec (DTS Cybersecurity Standard for Connected Diabetes Devices project) is being created with support from the FDA, Centers for Medicare and Medicaid Services (CMS) and even the Dept. of Homeland Security -- wow!

"The cybersecurity for diabetes devices right now isn't where it should be," said Dr. Barry Ginsberg, a diabetes consultant and device expert in New Jersey who serves as co-chair of the DTS Cybersecurity Project Committee and was part of the panel at the DTS meeting.

"Most of the industry hasn't done this adequately, even with everything we have today in mobile health. Some have, but many have not. We expect this DTS meeting and project to raise the profile of this conversation."

We’re told that the new DTS cybersecurity committee now has roughly 30 members -- ranging from medical professionals, industry execs and cybersecurity experts from Intel and McAfee, diabetes educators, "white hat" citizen hackers, engineers who've worked on many high-tech D-devices, and government officials from the National Institutes of Health (NIH), FDA, and Homeland Security. Not to mention others who've spearheaded standards on other issues, like diabetes device interoperability and Bluetooth enabling.

What about patients, we asked?

"Half of the people on the committee have diabetes, so the patient voice is well-represented," Ginsberg tells us.

The committee met for the first time in July and again this past week just before the DTS annual meeting, and from here it will focus on finalizing the draft guidance they're developing.

Quashing Security Scares in Diabetes Tech

Remember that highly publicized insulin pump hacking scare back in 2011 involving Animas pumps? And then how the hacker involved, type 1 diabetic tech expert Jay Radcliffe, began working with FDA in 2013?

There's no official word on what's come out of that collaboration, but hopefully whatever work’s been done will also be fed into this new DTS cybersecurity standard.

Meanwhile, Ginsberg points out that the CGM in the Cloud/Nightscout group offered a lot of insight to committee members.

"The Nightscout people gave us an incredible amount of info that we didn't know. They've been hacking at this for some time, and they know more about this than many do," he said. "Many pumps (but not all) talk to controllers by broadcasting the serial number, and the controller recognizes that, shares it, and they're then ready to talk to each other. And that's how the hackers do it -- then you can mimic the controller."

He says they've also learned that with some insulin pumps, the communication function is not a built-in command but a “debug” that's designed to be a backdoor for engineers just to fix the pump if needed. But once you are in, you can theoretically do anything with that pump -- like changing pre-programming settings that include insulin doses. Yikes!!

That’s scary, but also fascinating.

So how will this DTS committee address all this?

Ginsberg tells us the group certainly doesn’t want to make devices, technology, or apps more complicated than they are now; they want to make sure that people still want to use them, and the improvement in cybersecurity shouldn't change that.

A Voluntary Standard

Ginsberg reminds us that there’s no way to crystallize these standards into a requirement.

"We can't force anything onto anyone, so we are working to set voluntary standards for cybersecurity," Ginsberg says.

The idea is that “market pressure” will force vendors to get on board, as we customers push for safer products and competitors begin signing on with the standard, one by one.

The committee plans to get the specific requirements finalized by the end of the first quarter of 2016. "How much of a standard it becomes… really depends on how much the FDA adopts this and whether people say they only want a product certified using this standard. We can't determine how useful it's going to be in the end."

We also asked if this would apply to all diabetes devices. "When a device is transmitting data to another device that will determine insulin doses, that's a real potential security issue… Blood glucose monitors require some degree of security, but unless they're used for insulin dosing, security isn't as important," Ginsberg explains.

“Still, a meter that's Bluetooth-ing data to a smartphone, and that phone has an app with a dosing calculator on it -- that means you're going to need more security,” he added. Right!

Of course, adding features for cybersecurity requires additional money and R&D resources from manufacturers, so companies will undoubtedly be hesitant.

"The trick will be to make this so much worth doing that you can't ignore it, but yet not so burdensome where vendors can't get on board," Ginsberg said.

Disclaimer: Content created by the Diabetes Mine team.
