New Security Standard Unveiled for Diabetes Controlling Smart Devices

Published on
By: Suvarna Sheth

Today there are many “smart” options to help you manage diabetes: products that measure your glucose levels, chart your results, and upload and share data using your mobile device. But are they safe, and do the products pose potential cybersecurity risks?

For consumers who are worried about the standards of security for their diabetes controlling smart devices, there is promising news.

The Diabetes Technology Society (DTS) announced last month that its committee focused on device security and safety standards has developed new guidance for the use of mobile devices in diabetes control contexts.

The guidelines have been developed by members of DTS working on the Diabetes Technology Society Mobile Platform Controlling a Diabetes Device Security and Safety Standard (DTMoSt) project.

Manufacturers of medical devices that use mobile applications, as well as mobile phone companies, could find this guidance useful as they work to embed good cybersecurity into their products for diabetes patients.

Following the guidance is voluntary for a manufacturer.

However, according to co-chair of the DTMoSt project, Dr. David Klonoff, medical director of the Diabetes Research Institute at Mills-Peninsula Medical Center in San Mateo, Calif., the guidance document covers potential problems with security that mobile phone-controlled devices might face, and how the manufacturer might want to address the problems.

The use of apps as remote controls for insulin delivery may not be too far off in the future.

Therefore, DTMoSt aims to ensure that sufficient security measures are taken to protect the integrity of these control solutions and the safety of patients with diabetes.

“Currently, there is no medical device controlled by a mobile phone that is approved by FDA,” says Klonoff. “I expect that FDA will eventually start to clear such devices, especially, in part, if a manufacturer can demonstrate that their device is secure.”

Klonoff, therefore, believes that DTMoSt guidance will assist the FDA in its review of mobile phone-controlled products, such as insulin pumps, artificial pancreas systems, and other devices.

“Mobile devices controlled by a mobile platform could be at risk of a breach of security or privacy, given many recent news stories about cyber breaches in many industries,” Klonoff warns. “This guidance provides a path for manufacturers to harden their devices and make them more secure.”

The DTMoSt Guidance builds upon the DTS Cybersecurity Standard for Connected Diabetes Devices (DTSec), which is the first consensus cybersecurity standard for connected diabetes devices with United States government input.

DTMoSt will be the first standard with both performance requirements and assurance requirements for manufacturers of connected medical devices controlled by a mobile platform.

DTMoSt identifies threats, such as malicious remote and app-based attacks and resource starvation, to the safe operation of mobile device-enabled solutions and offers guidance to developers, regulators, and other stakeholders to help manage these risks.

A consumer would know that a product follows DTMoSt guidance if the manufacturer indicates, on a product label or on the company website, that the product has a seal of approval from DTS for its cybersecurity.

Sources:

“New Standard Provides Security Guidance for Consumer Mobile Phones Controlling Diabetes Devices,” (2018, May 22).  Retrieved from https://www.diabetestechnology.org/dtmost.shtml