Cybersecurity: Insulin Pumps, Hacks, and Connected Diabetes Devices

Verified

Added on 2019/09/16

AI Summary

This report delves into the critical cybersecurity considerations surrounding insulin pumps and connected diabetes devices. It highlights the increasing risks associated with the remote connectivity of these devices, including unauthorized access, malware, and DDoS attacks. The report explores the vulnerabilities inherent in the wireless communication protocols used by insulin pumps, making them susceptible to replay attacks and other malicious activities. It emphasizes the importance of implementing robust cybersecurity measures, such as encryption, hashing, and redundant systems, to protect patient data and ensure device integrity. The report discusses the need for cybersecurity standards specifically tailored for connected diabetes devices and suggests various approaches to mitigate risks, including disabling radio frequency features, implementing the CIA triad, and establishing post-market surveillance programs. It also references the Cybersecurity Standard for Connected Diabetes Devices Program (DTSec) and its role in providing standardized solutions for manufacturers and regulators to effectively manage cybersecurity threats. The report concludes by underscoring the urgency of addressing these cybersecurity concerns to safeguard patient safety and protect the broader healthcare ecosystem.

Cybersecurity 1
Insulin Pumps & Hacks
Submitted By
Course
Professor
Date

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Cybersecurity 2
Abstract
Diabetes devices are progressively associated remotely to each other and also to data reader
devices. Risks that are associated with data flow as well as commands can have the functions of
the diabetic devices and also keep the clients in danger of wellbeing complications. The
cybersecurity of associated diabetes devices is important to look after classification, integrity as
well as accessibility of the information and the commands given to the devices. These devices
could be hacked by the unauthorized operators and furthermore by patients themselves to remove
information that are not consequently given result programming. The unauthorized access to
associated diabetes devices has been reenacted and could occur as possible. Cybersecurity
standard outlined particularly for associated diabetes devices and enhance the security of these
items as well as enhance the certainty of clients that the items will be secure. (Klonoff, D., C.,
2015).
Introduction
The diabetic devices are utilized for observing as well as overseeing diabetes give the advantages
to save the lives of patients and viable usage alternatives to healthcare suppliers. These diabetic
devices incorporate blood and constant glucose monitor, insulin pumps, pens as well as other
insulin providing devices, and also close the loop that is artificial pancreas frameworks. While
having enhanced availability and exchanging data between these diabetes devices to other
devices like using mobile phones, and the Internet, there is an enhanced risk to the security and
privacy of the patient and to the uprightness of the healthcare supplier. (DTSec Standard
Version, 2016).
Insulin Pumps & Threats

Cybersecurity 3
The insulin pumps incorporate an imbuement pump having remote interface that helps to deliver
insulin, which is continuous glucose monitoring system having glucose measurement, and a
remote control that patients can utilize to modify their imbuement pump settings. It can be
possible to deliver insulin over a ceaseless 24 hour time span to keep blood glucose in a good
position amongst the meal as well as the night progressed. The concerned risks for insulin pumps
incorporate unauthorized access like a vindictive actor that blocks as well as alter signals which
is sent remotely to a medicinal device; malware, a malignant software program intended to do
unsafe activities; and DDoS assaults which can be propelled utilizing a system infection to
overpower a device that slows down or hinder the device function. By giving hackers some
information through distributed published device check data which includes range, radio
frequency transmission information as well as device workings that are accessible on patent
databases. (Madary, J., 2016). The pump as well as the meter utilize a restrictive wireless
administration protocol by using radio frequency communications that are not encrypted. This
opens the framework to various types of attacks. (Constantin, L., 2016).
When a person is in scope of the insulin pump and can get its communication, they could
"replay" those signs to make the pump do things that the client doesn't order it to do. This type of
attack is possible on the grounds that the transmissions between the remote and pump are not
encrypted. They don't utilize succession numbers either, which are unique numbers for every
communication that enable the device segments to converse with each other, yet would guarantee
a hacker couldn't do a replay assault. (Idrus, A., A., 2016).
Cybersecurity Course
As the hackers progressively exploit verifiably remiss security on insulin pumps, safeguarding
therapeutic devices has gone up against new urgency on two fronts. There's a need to ensure

Cybersecurity 4
patients, with the goal that assailants can't hack an insulin pump to direct a deadly measurements.
Furthermore, helpless restorative gadgets additionally interface with an immense exhibit of
sensors and monitors, making them potential entry to large hospitals. (Newman, L., H., 2017).
Northern California-based Diabetes Technology Society is driving the charge, with cybersecurity
being a main topic for insulin pumps. The framework is vulnerable on the grounds that those
communication is not encrypted, in order to prevent the hackers from accessing the device. The
main cybersecurity course for insulin pumps are as following: (Cluley, G., 2016).
1. We can avoid the danger by switching off the pump's radio frequency features. This implies
that our pump and meter can never communicate with each other, and blood glucose levels
should be entered physically on the pump. (Weise, E., 2016).
2. The principle at the center of data security for the secure usage, data flow, and capacity of data
is the CIA triad. CIA remains for classification, uprightness, and accessibility.
3. The main function of data confidentiality is to guarantee that data is accessible just to the
people who are approved to access the information.
4. In order to protect insulin pump from cybercrime, insulin amount could be customized. Any
endeavor to modify those amount without a patient's information would set off the alarm.
5. By activating the vibrating alert element on the device with the goal that when an insulin
measurements is going to be delivered, the patient has a choice to cancel the delivery. (Mello, J.,
P., 2016).
6. When the process of encryption as well as protocols are executed accurately, at that point there
is no danger to the information being decoded without the key.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Cybersecurity 5
7. One approach to guarantee the integrity is with hashing. A hash value (or just hash),
additionally called a message process, is the number created from a string of content, which fills
in as a computerized signature.
8. A typical strategy for guaranteeing accessibility is to build redundant frameworks.
9. A Cybersecurity Standard for Connected Diabetes Devices Program is required. Such a
program would unite driving specialists in diabetes and cybersecurity from the scholastic,
government, and private areas. The objective is build up a standard to fit specialized
determinations, guidelines, strategies, and meanings of diabetes devices identified with
cybersecurity and to promise patients that these items are protected.
10. The most ideal approach to guarantee cybersecurity of diabetes device is to mandate a level
of execution at the front end with the end goal that inability to achieve this execution would
prompt antagonistic administrative or financial outcomes.
11. We can also test the item in a post market observation program at the back end to guarantee
that the device is proceeding to keep up its underlying level of execution. (Klonoff, D., C.,
2015).
12. DTSec plans to give producers as well as controllers with a productive, standardized way to
deal with viably manage the threat that is inferable from cybersecurity dangers. (Klonoff, D., C.,
2017).
References
Klonoff, D., C. (2015). SAGE Journals. Cybersecurity for Connected Diabetes Devices.
Retrieved from - http://journals.sagepub.com/doi/abs/10.1177/1932296815583334

Cybersecurity 6
Diabetes Technology Society - Standard for Wireless Diabetes Device Security (DTSec). DTSec
Standard Version 1.0 – May 23, 2016. Retrieved from -
https://www.diabetestechnology.org/dtsec-standard-final.pdf
Madary, J. (2016). Addressing Cyber Security Vulnerabilities and Threats to Implantable
Medical Devices. IEEE Journals. Retrieved from -
http://www.wise-intern.org/journal/2016/documents/Jen_Madary_Paper.pdf
Cluley, G. (2016). Our insulin pumps could be hacked, warns Johnson & Johnson. Retrieved
from - https://www.welivesecurity.com/2016/10/06/insulin-pumps-hacked-warns-
johnson-johnson/
Constantin, L. (2016). New insulin pump flaws highlights security risks from medical devices.
Retrieved from - https://www.csoonline.com/article/3128082/security/new-insulin-pump-
flaws-highlights-security-risks-from-medical-devices.html
Mello, J., P. (2016). Insulin Pump Susceptible to Hacking. Retrieved from -
https://www.technewsworld.com/story/83969.html
Idrus, A., A. (2016). J&J alerts patients to insulin pump cybersecurity flaws, but says risk is low.
Retrieved from - https://www.fiercebiotech.com/medical-devices/j-j-alerts-patients-to-
insulin-pump-cybersecurity-flaws-but-says-risk-low
Klonoff, D., C. (2017). Concern grows over cybersecurity for diabetes devices. Retrieved from -
https://www.healio.com/endocrinology/diabetes/news/online/%7B55700189-aa78-4ae7-
8c5c-a561ecf33b3e%7D/concern-grows-over-cybersecurity-for-diabetes-devices

Cybersecurity 7
Weise, E. (2016). Johnson & Johnson warns of insulin pump hack risk. Retrieved from -
https://www.usatoday.com/story/tech/news/2016/10/04/johnson-johnson-warns-insulin-
pump-hack-risk-animas/91542522/
Newman, L., H. (2017). Medical devices are the next security nightmare. Retrieved from -
https://www.wired.com/2017/03/medical-devices-next-security-nightmare/