Security Medicine IT

FDA Warns About Insulin Pump Cybersecurity (axios.com) 38

Something new for diabetes patients to worry about: Someone nearby could potentially connect wirelessly to your Medtronic MiniMed insulin pump, the FDA warned yesterday. From a report: While the agency said that, as far as it knows, no one has actually hacked into someone else's insulin pump and harmed them, this is the future of health care cyber risk. They could then change the pump's settings, causing it to deliver too much or too little insulin to the patient. The agency said that patients using certain models of the pump should switch to less vulnerable ones.
  • by iggymanz ( 596061 ) on Friday June 28, 2019 @11:47AM (#58840816)

    immature engineers think everything can be an internet connected toy with gee-whiz GUI

    many pumps are already usb charged, how about programming that way you fucking idiots?

  • by Rick Zeman ( 15628 ) on Friday June 28, 2019 @11:51AM (#58840842)

    ....because of this:

    https://www.theatlantic.com/sc... [theatlantic.com]

    • by Anonymous Coward

      If only I had points to upvote this. These same 'vulnerable' pumps are what the looping community is using to build their own DIY artificial pancreas machines. The insulin pump manufacturers are doing everything they can to stop this as they view this movement as destroying their market. Thank you for posting this link.

      I for one support the loopers.

    • by cliffjumper222 ( 229876 ) on Friday June 28, 2019 @01:32PM (#58841460)

      Upvote parent.

      The so-called insecure pumps have been a godsend to the closed-loop users who have managed to make a much better system by themselves than the original manufacturers. This is a head-on three-way crash between the FDA, a manufacturer and users and their respective rights, responsibilities and wishes. This appears to be the FDA doing CYA to make sure the ever-growing demand for users to design and use their own hardware is not met with any form of implied acquiescence.

      • Medtronic should definitely take hints from what the closed-loop dev community has done but they aren't legally allowed to make those here in the States. That's the FDA's call. In the EU, they can and do make these.

        There is not currently a wireless protocol that's immune from exploits and the medical versions of ZigBee/Bluetooth are barely more secure than the protocols they're based off of if even that. Both ZB/BT have numerous examples of cracks being posted every year. The best engineers can do is improv

        • It's not the FDA. The FDA just cares that you have a process, have thought about the risks, and are following your process. It's lawyers and culture that are preventing progress. The open-source diabetes community has had mostly-positive interactions with the FDA and we have gotten most of our needs met by scheduling meetings with the committees and discussing the testing processes that we use. Now Tidepool, a non-profit type-1 diabetes data/research tool vendor is taking up more of the torch there and

  • Cyberpunk (Score:4, Insightful)

    by alvinrod ( 889928 ) on Friday June 28, 2019 @11:51AM (#58840844)
    I think that one of the reasons we won't see any kind of real world "cyberpunk" setting with massive amounts of augmented humans is because no one can create secure hardware and software. What good are your bionic legs when some script-kiddie from the other side of the world can hack them and make you Riverdance until you pay 3 bitcoins?
    • by modi123 ( 750470 )

      Amusingly the game 'HackNet' has a portion where you can hack a pacemaker after researching on the ins and outs of it.. and.. ah.. do things.

      After my initial B&E I perpetually used it to route my connections through to mask my identity when system security was after me. It made me chuckle.

    • I think that one of the reasons we won't see any kind of real world "cyberpunk" setting with massive amounts of augmented humans is because no one can create secure hardware and software

      This is incorrect. The primary issues are implant rejection, sharp/hard edges, friction.

      - Organic tissue activates an immune response when it touches implanted material. We have a few alloys that mostly avoid this response but it's not 100%.
      - Sharp/hard edges on anything implanted cause continuous cellular damage and drive rejection.
      - Friction is a big problem and why you can't wear any kind of prosthetic limb all day long. Anchoring to bone is exceptionally tricky business and there is always the ris

  • New Product Alert (Score:3, Insightful)

    by sweet ( 235260 ) on Friday June 28, 2019 @12:41PM (#58841110)

    Most likely due to the fact that their older insulin pumps are being hacked to be an artificial pancreas.

    https://diyps.org/2016/05/12/how-i-designed-a-diy-closed-loop-artificial-pancreas/

    Gee, I wonder if they have a new product coming out soon. It can't be a coincidence that the model numbers almost completely align.

    • Sounds like this is exactly the case. I asked my wife (who is a diabetes educator) about this - in part because I wanted to be sure she was aware of the recall. What she said was

      "Yeah I saw that. Medtronic is being a bully - they don’t like DIY loop and APS community. Those are very old pumps. They don’t want more people abandoning their crappy closed loop system.

      They knew about this years ago when those pumps were still in warranty, but they didn’t issue a recall then..."

  • by Matthias Granberry ( 6062808 ) on Friday June 28, 2019 @12:51PM (#58841166)
    The used insulin pump market is interfering with new pump sales for Medtronic right now because the open-source community has developed their own closed-loop artificial pancreas software and it works a lot better than what Medtronic is offering so I suspect they pushed for this advisory. There is a new class of "connected interoperable pumps" being released by their competitors that will communicate with open-source software (Tidepool Loop) that has been FDA type certified and they're spreading some FUD to deal with actual market competition for the first time in decades. The pumps listed as vulnerable are *old*, most of them 10 years gone from the market. Yes it's insecure, but there are many more patients benefiting from this than are being harmed by it. I know that I sleep well essentially every night now and that definitely wasn't true before we developed OpenAPS. If you're a type-1 patient reading this and want to know how you can make use of that old insulin pump in the closet go and read this: https://openaps.readthedocs.io... [readthedocs.io]
    • For some additional background the community has also recently reverse-engineered the currently-on-the-market Omnipod RF commands. They have a similar vulnerability surface as the Medtronic pumps, but they are a direct competitor to Medtronic. By taking the "high ground" here and publishing an advisory for decades-old insulin pumps they can push to get *their competitors'* pumps pulled off the market for cybersecurity problems before their popularity increases too much and increases the "domestic pressure
