DIY Diabetics and FDA Policy

Technology is putting more control into patients’ hands and expanding their access to data. But how far is too far? Harbor Labs’ Director of Medical Security gives his view of DIY diabetes-care technology.

This past week, I had the opportunity to brief policy analysts from the FDA on the growing Do-It-Yourself (DIY) trend in the global diabetes community.

The DIY movement combines the functionality of a smart device, an insulin pump, a continuous glucose monitor (CGM), and specialized open-source software and hardware allowing users to hack their systems and deliver a customized insulin therapy to treat their diabetes. My presentation focused on the research my staff and I have been conducting with these open-source software packages and the security vulnerabilities we have discovered.

My interest in this research stems from my academic and professional career in medical device security, as well as the fact that I am T2D insulin-resistant. I appreciate the perspective of the diabetes community and understand that their motivation in modifying these insulin delivery systems is based entirely on their desire to improve diabetes management, whether for themselves or the dependents they care for. However, as a medical security professional, I find the vulnerabilities in these DIY solutions and the fact that they have bypassed the regulatory security review process to pose a potential risk to patient safety.

Still, FDA policy must always take into account the medical needs and voices of the user community and balance that against the risks and regulatory purview of the agency. I was encouraged to find that while my audience shared my concern over the potential security risks being introduced through the DIY movement, they likewise shared my respect for the motivations of the DIY diabetics community and the importance of identifying the policies that would best accommodate the movement.

Harbor Labs has been asked to return to meet with additional policy staff, and I look forward to continuing this dialogue and helping to craft sound and responsible policies that serve the interests of all parties.

About the Author

  • Dr. Mike Rushanan
    Chief Scientist

    Dr. Mike Rushanan is the Chief Scientist at Harbor Labs. Dr. Rushanan has been on the front line of the medical device security industry since its inception, serving as the lead engineer on the FDA’s first ever cybersecurity alert in 2015. His extensive experience with all facets of medical cybersecurity, including regulatory policy, clinical technologies, healthcare IT, cryptography, and secure system design is reflected in the countless thousands of fielded medical systems certified through his reviews. Dr. Rushanan is renowned for his work in diabetes care cybersecurity. He has worked with most major providers and a broad set of diabetes care technologies, including insulin pumps, CGMs, closed loop systems, and diabetes management software. Dr. Rushanan also specializes in cardiac care systems, surgical robotics, next-gen sequencing systems, and drug infusion systems. Dr. Rushanan teaches the course Security and Privacy in Computing, and is the course designer and instructor of Medical Device Security at Johns Hopkins University. His Ph.D. from Johns Hopkins University is in the area of Computer System and Network Security.
