Mike Nelson, DigiCert’s vice president of Digital Trust, knows the struggles of living with diabetes all too well. As a teenager, Mike was diagnosed with type 1 diabetes (T1D). His care team gave him a glucose monitor, insulin, and syringes, then sent him off to manage a complicated chronic illness.

“I felt like a pincushion,” says Mike. “Each day, I’d do seven to ten finger pricks and take just as many insulin injections. I’d go to bed each night hoping my sugar was steady and nothing would go wrong.”

Connected medical devices (IoMT) like smart insulin pumps, continuous glucose monitoring (CGM), and pacemakers have changed the game for patients like Mike. But these technologies also greatly increase the threat surface of the devices.

It's a problem only digital trust can address—a problem Mike and his team at DigiCert work hand in hand with IoMT manufacturers to solve.

The dangerous implications of untrustworthy medical devices

Medical device manufacturers have developed innovative ways to better manage glucose levels and dispense insulin. Continuous glucose monitoring (CGM) systems provide real-time glucose readings using a transmitter, a small receiver, and a sensor inserted just under the skin.

Today’s smart insulin pumps integrate with CGM systems to predict and deliver the right amount of insulin automatically. The app associated with the pump can help patients estimate and precisely modify their dose.

For diabetes patients like Mike, these medical devices have been life-changing. The insulin pumps stay in place, eliminating the need for everyday injections.

But as a security professional who’s spent the better part of his career helping manufacturers secure connected devices, the potential vulnerabilities set off alarm bells in his head.

“As I started using a CGM and connected insulin pump in my treatment, I couldn’t help but think about security,” he says. “Could a hacker take control of an insulin pump? Could blood glucose levels be altered to provide false readings? What would the result of these compromises be?”

The security challenges facing device manufacturers

For CGM systems and insulin pumps to work together, they don’t just have to be able to trust the data being relayed to them. They also need the ability to trust the identities of the devices accessing the data. The appropriate authentication measures must be in place, along with a means to prevent the cloning of devices.

IoMT manufacturers are well aware of the security risks their devices could pose. Take a recent innovation in CGM: the closed-loop insulin system. This system connects the CGM and the user’s insulin pump, allowing the pump to autonomously detect and correct blood sugar levels. Many of these technologies also have corresponding smartphone and smartwatch apps that allow patients to check their glucose levels in real-time.

However, there are several points where a threat actor could infiltrate the system and alter these fine-tuned actions. As a result, digital trust has become a necessity for device manufacturers. They know they need advanced security controls in place to ensure the people using their devices don’t have to worry about a compromise from any part of the delivery ecosystem—system, device, or data.

Infusing IoMT technologies with digital trust

At DigiCert, Mike and his team work closely with IoMT manufacturers to manage device trust and secure their entire digital ecosystem. In the diabetes world, that means establishing a trusted identity with millions of CGMs and integrating with numerous pump manufacturers.

Diabetics need to be able to rely on their insulin delivery and CGM systems. No connected device is worth using if it introduces unnecessary risk, regardless of the device’s benefits. No finger prick is more painful than the inability to trust the accuracy of glucose levels or the security of an insulin pump.

End users depend on manufacturers to ensure authenticity and identity controls meet emerging regulatory guidelines and thwart counterfeiting and tampering. “The last thing diabetics need to worry about is device security,” Mike says. “That shouldn’t be the patient’s job.”

For his part, Mike Nelson is personally invested in device makers’ success because their products have transformed his life—and now the life of his child, who received her T1D diagnosis several years ago. As the parent of a diabetic, he’s comforted by the knowledge that he has constant visibility into her sugar levels. And the devices he’s partnered with manufacturers to secure will give him real-time updates when something isn’t right.

The latest developments in digital trust

Want to learn more about topics like identity, healthcare security, and digital trust? Subscribe to the DigiCert blog to ensure you never miss a story.