News Feature | May 19, 2015

Artificial Pancreas Systems Rife With Security Issues, Say Experts

By Suzanne Hodsden


Researchers developing artificial pancreas systems are not doing enough to address potential cybersecurity issues, according to experts from the Mayo Clinic and the University of Virginia.

For the past decade, researchers have been working toward an artificial pancreas system that will empower patients with a more hands-off approach to Type 1 diabetes management. The goal has been to create an automated system that can monitor glucose levels and automatically administer insulin to the patient as needed, and now several companies are nearing the finish line to regulatory approval and commercialization.

But the team of experts, led by endocrinologist Yogish Kudva of the Mayo Clinic,  claim closed-loop devices that deliver insulin automatically, and are enabled with wireless communication features, are particularly vulnerable to outsider tampering, according to an article published in the medical journal Diabetes Technology and Therapeutics (DTT).

Kudva’s team urges caution as medical device manufacturers grow closer to a finished product, warning that software integrity issues and the risk of malware or spyware could put a patient’s safety and privacy at significant risk.

“As the technology keeps advancing we have to be vigilant about interference with medical devices, especially those that automatically control insulin infusion in the artificial pancreas,” said Satish Garg, the editor and chief of Diabetes Technology and Therapeutics, in a press release. “Kudva et al. bring out many challenges one faces while making sure the upcoming devices are safe.”

In the article, researchers suggest that manufacturers be more consistent when reporting the technical characteristics of their devices during completion of clinical studies.

“Regulatory agencies such as the FDA have primarily been concerned with safety and efficacy, although with the proliferation of wireless medical device technology, security has rapidly emerged as a regulatory issue,” said researchers.

According to the article, software should be designed to provide a robust defense against attacks and “medical device networks can use redundant safety layers in order to minimize the impact of an attack on any one element.”

One suggestion offered by researchers is the implementation of an “intelligent safety algorithm” that can incorporate data collected from the patient’s medical history, and then raise a red flag to the patient if it detects input inconsistent with the patient’s usual pattern. It may be, said researchers, that the patient just consumed an unusual meal, in which case they could measure their own glucose level and adjust the device accordingly.

As robotic systems take over more healthcare management for conditions like diabetes, the risk for cyber hacking also increases, and many experts feel that risk is being minimized or overlooked by developers.

Recently, a team of scientists from the University of Washington conducted a series of experiments that exposed flaws in a teleoperated robotic surgical device. Researchers concluded that computer security experts may have more experience than biomedical device manufacturers in dealing with hackers, and that those computer security experts should be more involved in device development.

Image credit: University of Virginia