August 20, 2011

Congress & Pump Hacking, Who Didn't See This Coming

So it begins:
Aug 15, 2011: Eshoo, Markey Ask GAO to Study Safety, Reliability of Wireless Healthcare Tech
Senior Committee members Anna G. Eshoo (D-CA) and Edward J. Markey (D-MA) sent a letter to the Government Accountability Office (GAO) early this week calling on them to look into whether the new devices are "safe, reliable and secure. " The issue stems from a hack shown at the popular Las Vegas conference where researcher Jerome Radcliffe -- diagnosed with Diabetes 11 years ago -- demonstrated how he could tweak the dosage levels on his pump remotely.

Dear Congresswoman Eshoo and Congressman Markley
I read the press release about your letter concerning wireless health technology. I have a personal interest in insulin pumps. I am a social media writer and participant in the diabetes community online as I am the father of two teenage type 1 diabetics who lives depend on insulin pumps. I know that diabetes management is a balancing act. Insulin and activity balance with food to maintain blood sugar. It is never a perfect balance of risks but it is what families living with diabetes strive to manage.
I hope that in your efforts to publicize your letter you are aware of the relative risks involved with insulin pumping. The community of families living with type 1 diabetes has been shocked with the deaths of a number of adolescents in the past year form hypoglycemia, excessively low blood sugar. You may know the condition better as insulin shock and it can result even when people believe that have balanced all the inputs just right. 
Insulin absorption is affected by a number of variables. Physical activity can present diabetics with increased insulin efficiency as well as changes when in insulin impacts blood sugar. It is possible that healthy, active kids see blood sugars fall overnight as a result of daytime physical exertion. In those cases reducing or stoping the delivery of insulin, even normal amounts that have previously been fine, can help prevent dangerous low blood sugars.
The US Government has tightened regulation of insulin pumps to the point where innovations that are available around the world are not available for use here. Continuos glucose monitoring systems (CGM) integrated with pump systems are sold in Europe. These insulin pump systems are made by US companies. The more advanced systems can shut off insulin to people having a low glucose episode. This innovation, while made in the USA, is not available for sale here, yet it is available around the world. 
These devices have the potential to save lives. They give people living with diabetes in Europe more choices to consider with their physicians than we have in the US. Sadly the FDA does not even have guidelines for considering how to approve low glucose suspend.
Let me be clear. I am not suggesting that wireless security is unimportant. The devices should be secure. Device makers should be allowed to bring more secure devices to market without a significant regulatory delay.
I am urging you to reflect on the life saving capabilities of innovations like CGM integration and low glucose suspend with the security risk. To date there has been no reported case of any health impact from the possibility of hacking an insulin pump. Zero. 
There have been and continue to be tragic cases of severe hypoglycemia that cost young American lives. The particularly sad loss of adolescents with type 1 diabetes highlights  where LGS may have prevented the unfortunate loss of life. Unlike pump hacking, the lives of American children are been lost to hypoglycemia. Pump hacking, considered outside of the balance of risks facing insulin dependent diabetics, may increase the regulatory delay of life saving technology reaching American families.
The cumbersome FDA regulatory process for inulin pumps slows innovation to US families. Your letter uses the word proliferation. Typically politicians use the word with a negative context. We need a wider rapid adoption of life saving innovation to help keep American teens alive not the proliferation of government studies that prevent US patients from using the innovations of American companies to live healthy lives. 
How can you as senior members of the House Energy and Commerce Committee speed up not only the safety of devices but the availability of life saving tools? 


  1. Excellent letter - so much more calm and reasoned than I was when I first saw an article describing the 'pump hacking'. I also hadn't seen the update about these members of Congress doing what the 'casual observer' thinks is helping when really it is just losing focus on the REAL problems PWD face daily.

  2. This is an excellent letter Bennet. I'm not in Markey's district, though with redistricting about to start in MA, I may end up there. I'll contact his office and give them my opinion.

    It never ceases to amaze me that our representatives can waste so much time on unimportant issues. I guess it means they can avoid the challenging things that really need their attention.

  3. As a pump user, I would be exceedingly wary of an unencrypted wireless link between a CGM and my pump, particularly if the CGM were permitted to control my pump without human intervention. It's not just hackers that could cause problems, but also wireless interference.

    I see no good reason why we shouldn't require encryption for our medical devices' wireless communications. If a "dumb" phone you buy at Best Buy for $50 can do encryption, certainly my $6500 pump can.