Tuesday, October 25, 2011

"Lethal medical device hack," MY ARM!

Ugh. I saw this on Twitter today.

I wish the people who wrote and publicized these sorts of things knew what they were doing when they did them. Because of a few highly unlikely coincidences in the pump itself, a questionably intelligent person was able to hack into the pump and cause problems.

There are a huge number of issues with this still. Even though you don't need the pump's serial, you still have to have the remote option turned on [as we know the pump in question is a Medtronic - and this probably doesn't hold for the Animas Ping, see below]. Who really uses that? It doesn't come standard with the pump, and is $150.

Secondly, you'd have to be really unobservant not to notice that a) your pump is alarming [in the case of suspending it] or b) it's delivering a bolus when you haven't eaten anything. Seriously, we use this stuff too often to not notice when something's off, with ourselves or our devices.

Third, they refer to the max bolus as 25 units. I don't know about you, but my max bolus is set to 15u, and I can't exceed that; it alarms. 15 units, for me, is 120 carbs - about four pb&j sandwiches, or a really large meal [dinner+cake+ice cream!]. This isn't unrealistic, but I only hit it when I've been running high and have just eaten.

Hopefully, those with high sensitivity to insulin have this threshold set much lower, even if only to protect themselves from their own human error potential. I would make a presumption that those who have not changed it would not have a huge issue with a 25 unit bolus - their insulin needs make this a reasonable bolus for them.

I don't know about you, but I think this quote in particular is hilarious:
"Three or four units [of insulin] would be a serious problem. Ten units would probably send me to hospital for sure. The whole reservoir, when it's full, holds 300 units, and that's between a three and a four day supply," said a diabetic introduced as Anthony, who is fitted with the same model pump.
What? Anthony must be a kid then, or really skinny. Probably not typical of your average PWD. Four units? That's a snack. Ten? Lunch. [and I'm your [maybe not] average 5'6", 170lb American]

To reference the other main device on the market - the Ping. Or even the DexCom, the two operate similarly. The Ping comes with one meter-remote and one pump. The two are factory set to communicate with each other and only each other. There have been studies done with ridiculous numbers of these device pairs in a room to test cross-contamination, or having a pump pick up a data value not meant for it [they operate on the same frequency, so it would happen eventually]. There are actually really pretty graphs in the back of the Dex user manual on this. In short, it doesn't happen too often. So even if you were just sending out jamming signals, you wouldn't do much damage.

I believe that the Ping is unique in its transmitting method, in that while there's a limited option [one meter], that option gives you more security. The Dex is a bit sketchier, as you can change your transmitter ID, but you shouldn't be able to receive false data; you're not supposed to treat solely on that data anyway. I honestly have no idea about the Omnipod... If the pod only receives transmissions from the PDM... I'll give it some thought.

With some intelligence applied to your diabetes devices, there's no reason that any of this garbage should cause concern. Unfortunately, not everyone who gets to decide things about our devices is that smart. The FDA doesn't know a thing about diabetes and the people who get the devices that companies make.

We use our diabetes crap too often to not notice if someone or something's been messing with it. We have safety checks built in to let us notice something's happening. We're not stupid, and we're a lot more knowledgeable about our disease than those who decide what devices we can and can't have. I'd like to make a very angry statement to those who have decided to expound this 'flaw' to the world but will withhold it.

Seriously though. Go build the next DexCom or something. Don't waste my time ruining my life and eating all of my steak.

