• Please Remember: Members are only permitted to share their own experiences. Members are not qualified to give medical advice. Additionally, everyone manages their health differently. Please be respectful of other people's opinions about their own diabetes management.
  • We seem to be having technical difficulties with new user accounts. If you are trying to register please check your Spam or Junk folder for your confirmation email. If you still haven't received a confirmation email, please reach out to our support inbox: support.forum@diabetes.org.uk

Survey on Insulin Pumps and Cybersecurity Awareness

A

algirald

New Member
Relationship to Diabetes
Type 1
Pronouns
She/Her
Hello everyone,

I'm a final-year BSc Cybersecurity student at the Open University, and I'm currently working on my final project, which looks at awareness of cybersecurity risks in insulin pumps — for example, how wireless or Bluetooth features could potentially be exploited if not properly secured.

This project is personally meaningful to me, as my mother has lived with type 1 diabetes for many years and has been using an insulin pump for over a decade. That experience inspired me to explore how secure these devices are and how much people know about these kinds of risks.

To support this, I’ve created a short anonymous survey (3–4 minutes) aimed at UK-based individuals who either use an insulin pump or care for a close family member who does.


No technical knowledge is needed, and the aim is simply to understand general awareness — not to raise alarm. The survey has been approved by my university tutor and contains no questions about personal or medical data.


If you fit the criteria and are willing to take part, I’d be really grateful:

Take the survey here

Thank you very much for your time and support. Please feel free to reply here or message me if you have any questions about the project.

This study has been approved by @Ieva DUK and is not affiliated with Diabetes UK.
 
Last edited by a moderator:
algirald said:
Hello everyone,

I'm a final-year BSc Cybersecurity student at the Open University, and I'm currently working on my final project, which looks at awareness of cybersecurity risks in insulin pumps — for example, how wireless or Bluetooth features could potentially be exploited if not properly secured.

This project is personally meaningful to me, as my mother has lived with type 1 diabetes for many years and has been using an insulin pump for over a decade. That experience inspired me to explore how secure these devices are and how much people know about these kinds of risks.

To support this, I’ve created a short anonymous survey (3–4 minutes) aimed at UK-based individuals who either use an insulin pump or care for a close family member who does.


No technical knowledge is needed, and the aim is simply to understand general awareness — not to raise alarm. The survey has been approved by my university tutor and contains no questions about personal or medical data.


If you fit the criteria and are willing to take part, I’d be really grateful:

Take the survey here

Thank you very much for your time and support. Please feel free to reply here or message me if you have any questions about the project.
,
Click to expand...
You need to get approval from moderators so you may find your post disappears whilst that happens.
 
Very interesting topic.
My role has some aspects around cyber security but mainly general compliance and risk and I wonder how probable this threat is?
Or even how criminal could benefit?

Doesn’t feel like a likely risk to me. I don’t believe my Omnipod 5 could be hacked.
Yes the Dexcom account, other CGM accounts could be and data could be compromised but the devices themselves is that possible?

My pump device is connected to the WiFi but it doesn’t need to be. Yes it’s connected via Bluetooth to the pod itself and the CGM but I think it would be very difficult and technical to hack the devices and then know what to do.
Risk feels very low in probability.

For the CGM if the data was accessed which is highly sensitive medical personal data, I’m not sure what harm that would cause me. I don’t want it known publicly but what harm could it cause.
Most people wouldn’t understand the data or care. For cyber criminal I don’t see the value in hacking either the data or devices unless to hold it to ransom and get money out of the companies, cause harm to them, and with devices is this to target a diabetic person.

I know smart devices and the IOT have their security risks but if someone wants to hack my washing machine or automatic car feeder they can be my guest, worst issue is the tech companies thinking they can gain customer insights, market more at us and make money money off our data by selling it. Again how much harm is knowing the cat gets fed at 6am, much much food he eats or when I wash my towels compared to underwear. It’s just all pointless additions of more pointless information.

Good luck with the studies and this research. As I say I’m very interested and it’s worth looking at.
 
Yes - I'm struggling to understand what any hacker might gain from hacking into insulin pump workings, even though I daresay it's possible. Just to show to themselves how good they are at hacking?
 
trophywench said:
Yes - I'm struggling to understand what any hacker might gain from hacking into insulin pump workings, even though I daresay it's possible. Just to show to themselves how good they are at hacking?
Click to expand...

Apart from the potential fear and personal harm, if a hacker managed to hack into a company’s medical devices they’d damage the company hugely. They could also try to extort money from them.
 
Well, true, but both Phoebe and I were looking at it from a personal POV, not a corporate one, since the OP's position also indicated that they were with Mobile phones rather than the corporate responsibility which ain't mine or hers.
 
I'm struggling to understand what any hacker might gain from hacking into insulin pump workings, even though I daresay it's possible. Just to show to themselves how good they are at hacking?

It was that bit I was answering - why they’d do it.
 
Many pumps have a Bluetooth connection to their PDM. There is a potential for this to be hacked to give you fatally too much insulin. There are security mechanisms in place to significantly limit this risk but that has not stopped TV from factiously using it to kill a good guy with diabetes (because, only good guys have diabetes in TV).
And, of course, all our personal information is stored by the manufacturer to give us access to pump settings online and to have the address to send supplies.
 
Indeed @helli Medtronic recalled some pumps due to a security risk a few years ago. You could get too much insulin or too little, both being potentially dangerous. You could also be locked out of your pump.
 
You must log in or register to reply here.
Back
Top