It’s not easy living with diabetes. Mike Nelson, vice president of digital trust at DigiCert, recounts how difficult it was for him as a teenager to suddenly contend with the complexity involved in managing his type 1 diabetes (T1D):
“I was given a glucose monitor, insulin and syringes and was sent off to manage a complicated chronic illness. I felt like a pincushion as each day I would do 7–10 finger pricks and take just as many insulin injections. My sugars were up and down constantly, and I’d go to bed each night hoping my sugar was steady and nothing would go wrong.”
Fortunately for Nelson, medical device manufacturers have developed innovative ways to better manage blood glucose levels and dispense insulin. Continuous glucose monitoring (CGM) systems provide real-time glucose readings using a sensor inserted just under the skin, a transmitter and a small receiver. Today’s smart insulin pumps integrate with CGM systems to predict and deliver the right amount of insulin automatically. If someone knows they need to adjust the dose for whatever reason, the app associated with the pump can help them estimate and then modify the dose. And users no longer have to inject themselves several times a day because these pumps can stay in a single place for up to two to three days.
But the remarkable advances brought about by these insulin monitoring and delivery technologies, as is the case with the technology used in other connected medical devices (IoMT) like pacemakers, also increase the threat surface of these devices. Says Nelson:
“I’m a security professional who has spent a good part of my career helping manufacturers secure connected devices. As I started using a CGM and connected insulin pump in my treatment, I couldn’t help but think about security. Could a hacker take control of an insulin pump? Could blood glucose levels be altered to provide false readings? What would the result of those compromises be?”
This is why digital trust is essential.
For CGM systems and insulin pumps to work together, they need the ability not only to trust the data that is being relayed to them but also the ability to trust the identities of the devices accessing this data. This means that these devices need appropriate authentication measures in place, as well as means to prevent the cloning of devices as additional security protections.
IoMT manufacturers are well aware of the security risks their devices could pose. Take a recent innovation in CGM: the closed-loop insulin system. This system connects the CGM and the user’s insulin pump, allowing the pump to autonomously detect and correct blood sugar levels. In addition, many of these technologies also have corresponding smartphone and smartwatch apps that patients can use to check their glucose levels in real time, among other things. There are several points in these processes where a threat actor could conceivably infiltrate the system and alter these fine-tuned actions.
As a result, digital trust has become a foundational piece of their security strategy. They know that they need advanced security controls in place to ensure that the people using their devices don’t have to worry about compromise from any aspect of the delivery ecosystem — system, device and data.
And many of these device manufacturers have chosen DigiCert to secure and manage device trust. Explains Nelson:
“Our team has worked hand in hand with these IoMT makers to ensure their digital ecosystem, which involves millions of CGMs and integrations with numerous pump manufacturers, can all be trusted. They establish a trusted identity with each device to ensure patient safety.”
Insulin delivery and CGM systems need digital trust so that diabetics can rely on them without any uncertainty. No connected device, regardless of its benefits, is worth using if it introduces unnecessary risk. Finger pricks may be painful, but they’re preferable to not being able to trust glucose levels are accurate or questioning whether a pump could be compromised.
End users depend on these companies to ensure authenticity and identity controls meet emerging regulatory guidelines and thwart counterfeiting and tampering. “As diabetics, we have enough to worry about making sure we stay healthy. The last thing we need to worry about is device security. That shouldn’t be the patient’s job,” says Nelson.
For his part, Nelson is invested in these device makers’ success because of the ways in which their products have transformed his life — and now the life of his child. “Several years ago, the benefits of connected diabetes technology became even more important to me when my daughter was diagnosed with T1D. Now, as a parent of a diabetic, I have great peace of mind knowing that we are always connected to her sugar levels and will get notified if things are off,” he says.
The peace of mind that comes from access to accurate, continuous data, paired with the relief at knowing that such solutions are secure and can be trusted — now that’s where digital trust meets the real world. Learn more at https://www.digicert.com, or firstname.lastname@example.org for more information on solutions for IoMT.