Once again, the U.S. Food and Drug Administration is inviting us to a public workshop… this time, in January, to talk about cybersecurity and our diabetes devices.
Are you using a CGM? Is it the new Dexcom G5? Is it something else that is using a wireless signal to send data to an insulin pump, a watch, or a smart phone? Ever want to use something like that?
What about uploads? Do you upload data to DiaSend or some other website? Does your provider? Do they download from one of those sites?
Guess what? All of that can be hacked.
That’s what I’m worried about. Now that we have Bluetooth-enabled devices, and we’re able to start to see personal medical information on our phones, how do we protect ourselves? How do we engage both device makers and FDA to better protect us in the event something is compromised?
Let’s face it: maybe the question isn’t “can it be hacked?”; maybe the question should really be “what do we do if my device gets hacked?”
I’m not in favor of backing up the trolley on innovative ways to view and use our data. But I think it’s smart and altogether appropriate that FDA is bringing people together to talk about it. I don’t want to not have the latest and greatest technology available to help me live a better, healthier life. But I think it makes sense to define protocols for how to react when/if someone gets access to something they’re not supposed to have access to. How do we protect ourselves? It’s a classic “fail to plan, plan to fail” scenario.
Just off the top of my head, I have questions about whether makers will be properly educating users about risks of a data breach, and how safe or vulnerable their device is to attack (while at the same time not scaring the bejeezus out of patients—it’s a fine line). Also, if my phone is hacked, what’s the protocol for how to react? What are the steps we should take in the event of someone hacking our phone and stealing our personal health information?
I know what some of you might be saying: it’s up to the phone maker to deal with that situation. True, in part. But what if a hacker is using the Bluetooth signal coming from my CGM to hack into my phone? If that happens, what is the manufacturer’s plan to address this and limit interruptions or theft of information?
I’m not really worried about someone hacking my diabetes devices. I am really worried about someone hacking my health information, either through an upload site, a smart phone, or by some other means. And really, I’m worried about whether anyone, anywhere, has any plan to deal with that if it happens.
If you want to know more about this two-day public workshop, or register to attend, just click on the image above.