Medjacking: Accuracy and Cyber Protection Required for All Glucose Monitoring Devices
Accuracy of glucose monitoring devices and cyber safety are important for diabetes patients.
Blood glucose monitoring devices are expected to change significantly over the coming years thanks to new computer technology. However, these devices will only be safe and reliable if they are highly accurate and proper steps are taken to prevent malicious hacking and protect patient data, according to David Klonoff, MD, medical director of the Diabetes Research Institute at Mills-Peninsula Health Services in San Mateo, California, and clinical professor of medicine at the University of California, San Francisco.
"Accuracy is the most important feature in a diabetes device. Since diabetes requires correct decisions, correct decisions require accurate information, and accurate information requires accurate monitoring devices; therefore one must conclude that accuracy is the most important feature in a diabetes device,” said Dr Klonoff.
At the American Association of Diabetes Educators (AADE) 2016 Annual Meeting, he told attendees that the data transmitted from connected sensors must be protected for confidentiality, integrity, and availability. Breaches of these properties of data represent cybersecurity risks of connected devices and must be prevented. During his presentation, he also noted that said blood glucose monitors have been held to increasingly rigorous accuracy requirements by regulatory agencies. However, he emphasized that the importance of cybersecurity cannot be underestimated.
Regulatory agencies are currently determining where point-of-care capillary blood glucose monitors are adequately accurate for critically ill patients in hospitals. Currently, no point-of-care blood glucose monitor is cleared for such a purpose, according to Dr Klonoff. He said large databases from blood glucose monitors and other sensors are increasingly being combined to identify physiologic patterns. These are patterns that would not be evident from analyzing a single data stream. When combined with genetic data, the approach to care is called precision medicine. For diabetes, precision medicine could potentially identify new treatments to lower morbidity and improve outcomes.
“Precision medicine for diabetes is a paradigm that incorporates multiple sources of data, including wearable and portable sensors. For precision medicine of diabetes to generate accurate treatment recommendations, the data collected must be accurate,” said Dr Klonoff.
He explained that the definition of a connected medical system is a device that monitors and transmits data and/or commands from or to a patient connected to a hub. The hub may be a handheld controller/monitor, another device, a smartphone, tablet, computer or the cloud. Connected diabetes devices that require security include blood glucose monitors, continuous glucose monitors, insulin pumps, artificial pancreas systems, and the smart insulin pen.
It is important that standards for ensuring the accuracy and safety of measuring devices such as blood glucose monitors be followed and that new standards be developed to define uniform measurement of insulin delivery and safe dosing accuracy from insulin pumps, said Dr Klonoff. Such standards are in place for accuracy of insulin dose delivery from insulin pens. A surveillance program for cleared blood glucose monitors that Dr Klonoff is leading will release a report later this year about the analytical accuracy of the most popularly sold blood glucose monitors.
“Endocrinologists and diabetes educators both work with various glucose monitoring technologies, both for outpatients and inpatients. The proper performance of these devices to portray real-time glycemia requires accuracy. Likewise, insulin pumps, pens, and closed loop systems also require accuracy to deliver the correct amounts of insulin,” said Dr Klonoff.
Cybersecurity requires protection of data and command information. Dr Klonoff noted that stakeholders in the diabetes technology community want to be confident that proper protections have been put in place to prevent hacking into diabetes devices. A product that meets a cybersecurity standard will provide users and other stakeholders with assurance of safety form cyber breaches. Hacking, medjacking, and ransomware are all types of threats that can be harmful to patients and hospital systems, he explained.
“Security of connected diabetes devices is necessary for the safety of these devices. Sound cybersecurity of data, which is an asset, preserves diabetes devices' accurate performance for monitoring and drug delivery. Finally, the cybersecurity of diabetes devices will become increasingly assured through meeting the new international consensus cybersecurity standard called DTSec (Diabetes Technology Cybersecurity Standard for Connected Diabetes Devices),” said Dr Klonoff.
Disclosures: Dr Klonoff reports no financial disclosures.
- Klonoff D. S26 - Diabetes Technologies and Devices: From Accuracy to Cybersecurity. Presented at: AADE 2016; August 12-15, 2016; San Diego, CA.