The News:
In August of last year, Jay Radcliffe went public with reports and demonstrations that his insulin pump could be hacked.
What This Means for the T1D Community:
As my Monday post of last week somewhat dramatically suggested, a person living with T1D might react pretty strongly to the announcement of yet ANOTHER threat when daily life means manage multiple factors and devices in order to survive.
My research, however, has provided some very good perspective. What I read will allow me to do what I like to do best in this column: offer hope.
Yes, Jay Radcliffe was able to hack into his Minimed pump. Yes, someone could remotely tamper with another person’s pump and could cause that person real harm and even death.
But here’s the thing. The chances of this happening are extremely small.
Firstly, someone would need to be perverse enough to want to harm or even kill another person in this esoteric and egregious way. Call me naive, but I have to imagine these people are not legion.
Secondly, that sociopath would be facing murder charges–as Mike so helpfully brought up in the discussion on Monday–a pretty large disincentive.
Thirdly, that criminal would need to have not only knowledge of how to hack into the pump, which cannot be easy for your average homicidal maniac, as well as the serial number–at a minimum–of the person wearing the pump.
As to the concept that once the challenge has been created you will have droves of tech wonks wanting to see if they, too, can hack into an insulin pump, this may well ocurr. But my guess is that the vast vast majority will flex their geek muscles in a cubicle with their fellow programmers, an insulin pump on the desk in front of them, the “fatal dose” of insulin dribbling out onto the desktop.
After my initial shock on hearing about the hacking at Happy Hollow last Saturday, I’ve come a long way. I’ve walked through the above unlikelihoods and have come to the same kinds of conclusions as the smart, educated folks like Larry Slettzer at Security Watch who said, “Radcliffe’s hack is interesting and helpful for pressuring device manufacturers to improve their security, but not especially scary.”
Which brings me to an important point:
Pump technology is moving quickly. Pumps have bettered the lives of hundreds of thousands of people with T1D. We WANT pump technology to continue apace so the lives of people with T1D will be further improved.
Of course we would like tighter security, but if encryption technology–which is difficult to include in such a small, nimble device–is going to stall pump development for years, then I am ready to run some risk.
The same way that getting into my car, riding my bike, walking across the street . . . all means I am running some risk.
I like to think that Mr. Radcliffe’s point–and it’s a good one–will spur manufacturers to think more carefully about security, but I really hope the threat of remote tampering doesn’t retard further advancements that are, frankly, more important to me.
What I REALLY hope is that threats of events such as hacking don’t bog down proceedings at the FDA where we have been making such headway with the artificial pancreas.
I am glad to have been made aware of this issue. I’m glad to have done some research and to see that the media attention last summer was significant but not so out of perspective that advancements were hindered.
As with all things type 1, this is yet another time to take the long view, to weigh threats and benefits, and to keep up the good fight.
If You Want to Read More:
https://www.reuters.com/article/2011/10/25/us-medtronic-cybersecurity-idUSTRE79O8EP20111025
https://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/
https://www.huffingtonpost.com/2011/08/26/medtronic-insulin-pump-hack_n_937648.html
https://www.diabetesmine.com/2011/08/backlash-on-insulin-pump-hacking-safety-issues.html
https://securitywatch.pcmag.com/hacking/286859-congress-buys-the-insulin-pump-hacking-hype
https://www.informationweek.com/news/security/vulnerabilities/231600265
