Researchers Fear Hackers Could Target Artificial Pancreas

Could new technology be hacked?

ByABC News
May 16, 2015, 1:46 AM
One of the scams making the rounds involves online ads for clerical or bookkeeping jobs you can do from home.
One of the scams making the rounds involves online ads for clerical or bookkeeping jobs you can do from home.
Getty Images/PhotoAlto

— -- New technology that could easily administer insulin to diabetics as an "artificial pancreas" has the potential change millions of lives, but researchers are warning they could also leave patients open to potentially dangerous attacks by hackers.

For type 1 diabetics the promise of an "artificial pancreas" could mean finding a way to live without daily blood sugar monitoring. However, some researchers are concerned that these new pumps could leave patients open to hackers who could tamper with insulin levels that are sent from a glucose monitor to the insulin pump.

In an article published in the journal Diabetes, Technology and Therapeutics, Dr. Yogish Kudva along with other researchers reviewed the cybersecurity of these devices that are currently being tested.

"We wanted to make sure that this important aspect of the field was adequately addressed as we get ready at scaling up on our studies," Kudva said.

In the closed-loop systems of these devices -- nearly all still being researched -- a person's blood sugar can be measured by a glucose meter which would "talk" to their insulin pump to either raise or lower their insulin dose depending on blood sugar. While the devices are currently in the testing phase, Kudva said he and his team were concerned researchers were not considering security systems for the devices.

In the article, Kudva and his team pointed out that if data is not encrypted in a wireless system, a hacker could add in wrong data that could change the insulin level in the device, potentially to dangerous levels.

"I think the most important issue to get security people more involved," said Kudva. "I don’t think there is enough security expertise at this time."

Sarah Ann MacLeish, an endocrinologist and osteopath at University Hospitals Case Medical Center in Cleveland, said with these new machines patients could be at higher risk for becoming sick from cyberattacks, since they will not be checking their blood sugars as regularly as they are with the current devices that require blood sugar monitoring daily.

"They’ll know right away if there's a problem," MacLeish said of current insulin pumps. "If they aren’t checking their blood sugar they can be very sick if there's a problem."

One possible option for these "artificial pancreas" devices currently being tested is adding some kind of back up or warning system to help ensure they are safe, MacLeish said.

An alarm could be triggered "if there’s something programmed in there that doesn’t seem right," MacLeish said. For example, if the insulin dose doubled, the machine could alert the patient who would manually confirm or deny the dosage.

Potential complications from the wrong dosage could be too much insulin, which can lead to seizure, or too little, which can lead to dangerously high blood sugar levels.

One extremely simple closed-loop device is already on the market, Kudva said, and he expects more advanced versions to enter the market in about three years. He said he hopes that device makers will consider more security options or be more transparent about security measures they have already taken.

"I think that’s the next step," Kudva said of the closed-loop "artificial pancreas" development.