Better Health: Smart Health Commentary Better Health (TM): smart health commentary

Article Comments

Why This Diabetic Isn’t Concerned About Her Insulin Pump Being Hacked

Jay Radcliffe is a fellow type 1 diabetic, and I remember reading his diabetes blog way back in the day, when I first started blogging.  We read and commented on each other’s posts, and we were both part of the blogosphere when the DOC first started to grow.  I knew he was married, had children, and did the day-to-day diabetes stuff that I did.

Which is why when I read the mainstream media’s take on his pump-hacking research (this article, Insulin Pumps Vulnerable to Hacking, for example), I reached out to him immediately.  “Can I just tell you that my mother sent me this article about your research?  Do you have time to talk?”

Jay was out in Las Vegas this morning, attending the Black Hat security conference, but he and I had a chance to hash it out over the phone.

“I know you!  And I know you as a diabetic, not as this guy who hacks insulin pumps and has a billion articles floating around about it on the web right now.  I have a few questions.  Starting with, why did you decide to hack into your own insulin pump?”

“I’m a professional security researcher.  I’m curious – I want to find out how things work,” Jay said.  “I saw a presentation two years ago on parking meter hacking, and I was really inspired by that.  It prompted me to talk to my co-worker with type 1 and said, ‘We should try that.’  I’m wearing these devices every day, and I wanted to find out how secure these things are.”

“So you took your own pump, and your own continuous glucose monitor, and hacked it to bits, literally and figuratively?”

“Hacking isn’t what people often think it is.  It’s not about breaking into things or being malicious.  Hacking is making something do something it’s not supposed to do, or not intended to do.  Like the guys on Mythbusters do,” Jay said.  “And vendors need to know about these vulnerabilities. Is it deterring from actual diabetes cure research?  I don’t think so, but if it is, people can’t be mad at me for bringing the issue up.  If you want your insulin pumps to be safer, I have to do this.  I’m sorry if it makes people upset, but I’m doing this as ethically as possible.  I didn’t disclose the brand of device that I wear, and I kept the company protected to the best of my ability.”

This makes sense, but I ran a quick Google search before getting on the phone with Jay, and I saw all kinds of articles making it sound like people with insulin pumps were the next targets for technological terrorism, and people within the diabetes community were upset because this kind of security breach potential could perhaps cause the already-slow FDA to cease diabetes device approvals in their tracks.  To me, as an Animas pumper who is waiting impatiently for the Vibe to be approved, I was not soothed.

“Are you concerned that you may have given the FDA another reason to hit pause on some device approvals?”  I asked him.  

”I am concerned.  Aren’t you concerned about the fact that the FDA doesn’t have any guidelines around wireless transmissions?  Don’t blame the FDA’s crappy process and make things less secure because you want something better.  Make it comprehensive and make it better, don’t just move fast to get it on the market.”

“I get that, but I’m not at all worried about someone hacking into my diabetes devices.  Jay, do you really think people with diabetes are targets of some kind?  And don’t you wonder if, by bringing this issue up in such a public and pretty sensationalist way, that you’re planting the idea into people’s heads?”

Jay is unflagging in support of his research.  “I’ve presented it on stage, and showed over five thousand hackers how to do it.  I suspended my own insulin pump, and I did it remotely.  And yet I’m still wearing my pump, and I am not afraid to wear my pump.  My hope is that other people will pick up the idea and work on it, and that the ethical and professional people will do more research and help make things secure.”

“But do you really have to show the insulin pumper with X’s over their eyes and the evil, pump-suspending guy lurking in the background?”

(I can’t help it:  I respect the views of my fellow PWDs, but that doesn’t mean I’m not frustrated when people sensationalize diabetes.  It’s the same viewpoint I have when people want to use images of chainsaws when they are informing people about the very real risks of diabetes-related amputations.  I’m just not into that kind of press for diabetes.  I don’t agree with sensationalist journalism, so I don’t agree with the method that Jay chose to present his information. While I get the whole “sex sells, so you have to keep it sexy” ideology, his choice to present this security issue as though it was a secret agent plot isn’t something I agree with at all.  Similarly, I’m annoyed that the mainstream media is making it sound like diabetics wearing pumps are ticking targets.  This is the information about diabetes that makes the front page?  Societal fail.)

Fellow PWD and tech blogger, Scott Hanselman, summed it up nicely:  “I appreciate the message that Jerome is trying to get out there. Wireless medical devices need to be designed with security in mind. I don’t appreciate blogs and “news” organizations inaccurately scaring folks into thinking this is a credible threat.”

“In security research, you have to bring home the point,” said Jay.  “The technical details can be boring, but a presentation at a conference like this can’t be.  You need to show the most dramatic asset to keep people’s attention and to make them care.  In this instance, the insulin pump is hackable.  I can suspend your pump.  And that can have serious consequences.  I’m not trying to hurt my fellow people with diabetes.  Instead, I’m trying my best to protect them.”

As a pump wearer myself, and a continuous glucose monitor wearer, I’m not concerned about being hacked.  I’ll sleep fine tonight … until I see the sensationalist headlines of tomorrow.  And that’s when I might need a bolus of serenity.

*This blog post was originally published at Six Until Me.*

You may also like these posts

Read comments »

Comments are closed.

Return to article »

Latest Interviews

IDEA Labs: Medical Students Take The Lead In Healthcare Innovation

It’s no secret that doctors are disappointed with the way that the U.S. healthcare system is evolving. Most feel helpless about improving their work conditions or solving technical problems in patient care. Fortunately one young medical student was undeterred by the mountain of disappointment carried by his senior clinician mentors…

Read more »

How To Be A Successful Patient: Young Doctors Offer Some Advice

I am proud to be a part of the American Resident Project an initiative that promotes the writing of medical students residents and new physicians as they explore ideas for transforming American health care delivery. I recently had the opportunity to interview three of the writing fellows about how to…

Read more »

See all interviews »

Latest Cartoon

See all cartoons »

Latest Book Reviews

Book Review: Is Empathy Learned By Faking It Till It’s Real?

I m often asked to do book reviews on my blog and I rarely agree to them. This is because it takes me a long time to read a book and then if I don t enjoy it I figure the author would rather me remain silent than publish my…

Read more »

The Spirit Of The Place: Samuel Shem’s New Book May Depress You

When I was in medical school I read Samuel Shem s House Of God as a right of passage. At the time I found it to be a cynical yet eerily accurate portrayal of the underbelly of academic medicine. I gained comfort from its gallows humor and it made me…

Read more »

Eat To Save Your Life: Another Half-True Diet Book

I am hesitant to review diet books because they are so often a tangled mess of fact and fiction. Teasing out their truth from falsehood is about as exhausting as delousing a long-haired elementary school student. However after being approached by the authors’ PR agency with the promise of a…

Read more »

See all book reviews »