Monday, August 8, 2011

I'm Not Afraid Of My Pump Being Hacked, Becuase Like You, I Am The Only User On My Personal Pump Network.

I worry about a lot of things - Like the economy; my life with diabetes, my mother's health, the 8 lbs I'm trying to drop, and if I will ever find the lid to my proverbial pot.
I worry about my finances and my career and I worry about what my health insurance will and won't cover - And that really keeps me up at night.
What I don't worry about is someone hacking into my insulin pump. I am the one and only on my pump's network - just like everyone else who uses an insulin pump or CGMs. The whole lot of us are networks of 1 - And that works for me.
Hacking into my pump isn't going to shutdown operations for millions, but it will piss me off royally and cause me to utter a stream of obscenities at the top of my lungs that would be heard somewhere in California!
It's not like all pump users are hooked up to some ginormous "pump network" (think Verizon or ATT) that we rely on to make sure my pumps works or require our pumps & myself to be in in a good service area.
And last I checked, my pump didn't require a certain amount of "service bars" in order to work.
As the singular user on my personal pump network, I don't feel that I pose a threat to hackers, or that they pose a threat to me.
If you hack into my pump and decide to suspend my insulin delivery, I have a feeling some bells and whistles (both literally & figuratively) would go off and I'd figure it out.

And really, if you're that into me - Why not just introduce yourself?

As someone who has a pump clipped to her hip 24X7, 365 days a year, I'm pretty much obsessed with the workings of my insulin pump - As is everyone else who wears an insulin pump and or Continuous Glucose Monitor. Pump/CGM obsession is right up there with being a pump user - They go hand in hand.
I also know that
Jay Radcliffe, a fellow PWD & Pump wearer presented his Pump Hacking report at a Hackers Conference in Vegas and to various media outlets felt that his findings were important.
I don't know Jay, and I'm not going to sit here and vilify him - I get that in this digital age, hacking is always an issue - And will continue to be. His job also requires him to be on the lookout for hack-zones.
But personally, I really wish Jay had presented his findings to our community & to the pump companies at a diabetes related venue, perhaps at ADA's Scientific Sessions or AADE. So that his hacking concerns could be addressed directly by the manufacturers & pump end users, instead of via various news outlets who tend to sensationalize diabetes headlines as a rule, not the exception.

With that being said, he did speak in depth with Kerri on Friday, and you can read thier conversation on the subject,

Now that the whole pump hacking has become an "issue in the media," I'll tell you what I'm really worried about.
I'm worried about the fear that pump hacking will cause, and I'm incredibly worried how that fear will work against people living with diabetes who rely on their insulin pumps and CGMs.

I'm worried about the FDA halting clearance on new pumps, CGMs and pump/CGM combos hitting the market for fear of people with diabetes being hacked.
I'm afraid that the FDA will cave into the fears without knowing or understanding why insulin pumps and CGMS are so important to those of us who wear them. And I'm afraid that when the FDA does finally talk with pump manufacturers & pump users on the subject, they'll use it an excuse for more FDA red tape.

Personally, I'm currently shopping for a new pump (mine is well past it's warranty) and I have different insurance then when I last purchased said pump. Now I'm afraid that my current insurance might use pump hacking as an excuse
not to OK a new pump.
My insurance only approves 2 pumps to begin with - And with the fear pump hacking might be generating, there's a potential that they won't approve either.

I'm afraid that people who would really benefit from pump therapy and who were just about to give the 'OK" to living life attached to an insulin pump, will now say no, because they fear getting hacked.
A little fear in life is good, it keeps us on our toes & helps to us to prevent a multitude of things.

But when fear starts to overrun our lives, diabetes or otherwise, no good can come of it.

I don't want the fear of my pump "potentially" being hacked to override all the wonderful things that insulin pump therapy does.

Insulin pump therapy allows for tighter control, more freedom, and insulin pump therapy has made me a healthier person who lives a diabetes life - And that is a beautiful thing,

For more posts on this subject please checkout the following posts from around the Diabetes blogosphere.
And please be sure to add your link in the comments section if it's not listed above - I'm sure there's more fantastic posts on the subject that I haven't read yet - BUT I WILL!

Also, be sure to look for the following hashtag on the twitter: #pumphack !


Michael Hoskins said...

Well stated, Kel. I agree that we aren't a target, and I have those same concerns about the regulatory process getting even more delayed as a result. Of course, now with your blog, I'm going to HAVE to unclip my pump and hold it to my ear and say "Can you hear me NOW?!" (whole new perspective on the question: "Is that a cell phone?")... :))

pearlsa said...

Well said, "I am the only user on my personal pump network" :-)

Bennet said...


(How is that for cryptic?)

Anonymous said...

I absolutely loved your post. I agree I am annoyed that the person who discovered this did not go to the AADE conference or heck contact the pump companies and say I happened to discover this. Maybe the the lure of mainstream media hype. Okay, I am going back under my rock here.

The DL said...

I also wrote about it as well.

Lora said...

Is it bad for me to admit that I only sorta, kinda read about this... rolled my eyes and went on with more important worries? Like you, I worry about the economy, finances, finding a full time job, the 18(eek!) pounds I need to drop, my son. I am up enough at night.

Unknown said...

It's not about being a target *now*; it's about designing the device to remove the potential. Like it or not, manufactures really shouldn't be cutting corners in designing our pumps/CGMs and this includes the wireless aspect; simple example, an attack vector would be basically jamming/corrupting the CGM feed. I don't expect people to do that, but I *do* realize that addressing that vector also means improved resilience against general EF noise (if any of y'all have had to work near faraday cages, you've experienced firsthand what I'm referring to).

I think people really need to separate the media sensationalism from the findings; like it or not, the rampant vulnerabilities in proprietary devices/software doesn't usually get resolved without a bit of nudging from the security researcher- responsible disclosure specifically (which was followed here).

Basically, it's about doing things right; if you're worried the FCC/FDA are going to be slow... it's orthogonal. They're *slow* anyways, which needs resolving separate from improving the device itself.

Either way, get pissed at the media for pulling the sensationalism crap; the researcher in this case did things ethically/correctly (vendor notification included), even if we may not like the fact he found some issues in our pumps.