The Current State of DIY Artificial Pancreas Activities
Topics:
Thought leadership
This is some text inside of a div block.
Vulnerability management
This is some text inside of a div block.
Naomi Schwartz
August 2, 2024
By Naomi Schwartz, Medcrypt VP of Services
In recent years, there has been a surge of “DIYers” hacking medical devices for managing insulin-dependent diabetes, including both Type 1 and Type 2. These initiatives are driven by patients who are seeking better control over their glucose levels and more personalized diabetes management. To understand the current state of DIY artificial pancreas (AP) activities, we’ll explore the major efforts in this space and the implications for patient rights and cybersecurity.
DIY Looping and OpenAPS: Key Initiatives
DIY Loop
DIY Looping is a process that creates a feedback loop taking input from Continuous Glucose Monitors (CGM) or Blood Glucose Meters (BGM) to drive a control algorithm. This algorithm determines an appropriate insulin dose and commands an insulin pump to deliver the dosage either over a specified period or as a discrete bolus. For a comprehensive guide to DIY looping, visit Beyond Type 1’s guide.
The DIY Loop community has created extensive resources for working with different diabetes devices, all shared openly online. You can explore their work on their GitHub repository.
OpenAPS
Another major initiative in the DIY AP space is OpenAPS (Open Artificial Pancreas System). OpenAPS uses various hardware components such as an Intel Edison with Explorer Board or a Raspberry Pi with an Explorer HAT (radio device) to connect with insulin pumps and CGMs. The OpenAPS documentation provides a detailed overview of how these systems work.
Both DIY Loop and OpenAPS communities leverage software-defined radios to connect their components and command insulin dosing through mobile applications on personal smartphones. These systems typically use data from a CGM every five minutes to adjust insulin delivery, pulling glucose data from the CGM or the cloud, and considering personal logs to fine-tune insulin dosing based on individual metrics like insulin sensitivity, carb ratio, insulin activity duration, and glucose targets.
Patient Rights vs. Open-Source Hacking
The core issue in this space revolves around patient rights versus concerns related to open-source hacking. Patients, frustrated by the limited options and safety rails of approved medical devices, have taken matters into their own hands seeking greater control over their health management. Some desire tighter glucose control than what is allowed by cleared or approved devices.
While patient self-management, when done safely with physician approval, can lead to excellent outcomes, the availability of open-source code for hacking these devices poses significant risks. Malicious actors can exploit this code, potentially leading to harmful consequences. Such attacks are typically individualized and unlikely to cause widespread harm.
Improving Interoperability and Cybersecurity
To mitigate the risks of device hacking while accommodating the needs of patients, it is crucial to improve both interoperability and cybersecurity in the design of diabetes devices. Here are some key steps:
1. Enhance Interoperability: Moving towards a more plug-and-play model can give patients more options for combining specific CGMs with insulin pumps and desired algorithms. This flexibility can address the needs of patients seeking more personalized treatment options.
2. Strengthen Cybersecurity by Design: Incorporate robust cybersecurity measures from the outset to slow down and complicate the efforts of hacktivists. As becomes obvious in exploring the resources from DIY Loop and OpenAPS, these communities continuously add new devices and target the ecosystem. Strengthening your device’s cybersecurity can help protect against these ongoing attacks.
The motivations driving these hacktivists are unlikely to disappear soon. They are determined to achieve more control over their treatment options, even if it means hacking their devices. By improving interoperability and cybersecurity, developers can better support patient needs while safeguarding against malicious activities.
For more information and resources on DIY artificial pancreas systems, explore the links provided to the DIY Loop and OpenAPS communities. Stay informed and proactive in addressing the challenges and opportunities in this rapidly evolving field.
Are you a device manufacturer looking to strengthen your product cybersecurity and meet regulatory requirements? Contact us at info@medcrypt.com to discover what Medcrypt can do to help make your devices secure by design.