Hacking diabetes: People break into insulin pumps as an alternative to delayed innovations
Just before the start of Memorial Day weekend, Meg Green meticulously followed online instructions for hacking an insulin pump.
Why? To make the small, computerized device smarter by giving it the capability to adjust itself, acting as an artificial external pancreas.
The hack worked, unlocking a world free of the constant blood sugar monitoring and insulin adjusting that became routine for the 26-year-old with Type 1 diabetes.
"I went out for drinks, and the pump automatically knew how much insulin to give me. I was stable all night," Green said about the jailbroken device. "It was amazing, I just wanted to cry."
Diabetes treatment has come a long way over the past few years as technology has evolved.
The professional medical community has developed gadgets equipped with sensors and wireless connectivity that can track blood sugar levels. There's tech that remotely connects patients with health care providers and even wearables that can deliver medication into the body.
As some people invest in the latest advancements to help them cope with the disease, others have found unconventional ways to manage blood sugar conditions like hacking into insulin pumps.
Three separate technologies—including a continuous blood glucose monitor, an insulin pump and a computerized control system—have been used for decades to help people with diabetes manually manage their health.
However, in recent years, a loose network of "aggressive patients" began exploiting a security flaw in some of the pumps to make them automatically estimate blood glucose levels and adjust insulin levels accordingly, according to Dr. Irl B. Hirsch, a professor of medicine at the University of Washington Medical Center.
"We've seen hacking in politics, and now we're seeing it in medicines," Hirsch said.
The endocrinologist said that thousands of people with diabetes are breaking into the medical devices because they "don't want to wait for the FDA to approve something from the usual stream of regulation."
He said the hacked pumps give users "smoother glucose levels than we can get right now with the approved devices." However, the do-it-yourself method calls for users to input their own parameters, including insulin sensitivity and basal routine, which involves a longer-acting form of insulinto keep their glucose levels stable.
Glucose is the type of sugar you get from foods, and insulin helps keeps your blood sugar level from getting too high (hyperglycemia). Diabetes inhibits the body's ability to produce or manage insulin appropriately, causing glucose to build up.
Dana Lewis, 31, an Alabama native, is one of the pioneers in the field of DIY insulin pumping.
In 2014, she used a custom program to unlock the real-time blood sugar readings from her insulin pump and created an algorithm that can predict what her blood sugar is going to be in the future. She then met with hacker Ben West, who figured out how to apply the algorithm to Medtronic insulin pumps, and "a light bulb went off," Lewis said.
She posted the code online, calling it OpenAPS, and made it widely available to anyone who wanted to unlock their insulin pumps. OpenAPS is an acronym for open automatic pancreas system.
"I wanted to share my solution with other people. From the beginning, it was a patient-driven movement of people who say, 'I want to have choices.'" Lewis said. "This was all about how do we fill the gap until there's something commercially available."
As of May, thousands of people worldwide are using the hybrid strategy, Lewis said.
Experts say the practice feeds an underground used-insulin-pump market, which sees users buying obsolete medical devices that have known security vulnerabilities.
Unsurprisingly, the practice has inherent dangers.
Earlier this month, the Food and Drug Administration warned diabetics against building their own artificial pancreas system to help control blood sugar levels after a patient using one suffered an accidental insulin overdose.
The organization said in a statement that it is "concerned about people with diabetes using unauthorized devices for diabetes management used alone or along with authorized devices."
Hirsh, who has a "handful of patients" who hacked their pumps, tells them, "While I appreciate what you are doing, from a legal point of view I can't be responsible for a hacked pump like I can from an FDA-approved device," the endocrinologist said.
"You're using pumps that are out of warranty, or off-label, so there is no way manufacturers can back it up if there is a problem."
Despite the dangers, the trend continues with DIYers posting tutorials on how to crack into Omipod's latest "Eros" generation in April, which Green used to hack the medical device.
Green said that hacking the pump had already saved at least $850, compared to buying a new insulin pump with similar capabilities.
While people hack medical devices to access their vital signs in real time, the medical community continues to roll out new, and often expensive, products aimed at making life with diabetes more manageable.
In 2018, the FDA-cleared a Medtronic system that includes automated insulin delivery. The device costs more than $7,000 before insurance.
The diabetic supply company Tadem says it expects to release Control-IQ, an FDA approved automated insulin delivery system, toward the end of the summer.
The Dexcom G6, a wearable that monitors blood sugar via a couple of tiny prongs that penetrate just beneath the wearer's skin, has been a life changer for 13-year-old Maxim Speed and his family.
Speed was diagnosed with Type 1 diabetes six years ago and has gone from carrying around a medical bag with test strips and a glucose meter to discreetly wearing the Dexcom device that transmits real-time data to his iPhone and Apple Watch.
Launched in 2018, the continuous glucose monitoring system (CGM) allows people with Type 1 diabetes to track their numbers around the clock without having to prick their fingers multiple times a day.
Maxim's father, Jermaine, said that before the Dexcom device, "We had to wake him up a few times every night to check his blood sugar. Night time was a scary time because we didn't know what his blood sugar was doing."
The app has an "Urgent Low Soon" alert that can warn users and their loved ones in advance of a severe hypoglycemic event, which allows them time to take appropriate action against dangerously low blood sugar.
Still, it's only approved for people ages 6 and older. For those paying the retail price, a box of sensors, two transmitters, and the touchscreen receiver will run you over $1,000.
"I was excited to wear it because I knew it was life-changing," the teen said about the Dexcom G6. "But it was really scary to see the applicator. It wasn't very modern. And there was a button to push the needle in."
He said that applying the device didn't hurt as much as finger pricks, which he no longer has to do. His father said watching other kids apply the device on YouTube made the transition to Dexcom's wearable gadgets easier for Maxim.
With the rise in diabetes-treating wearable medical devices has come an increase in remote monitoring systems that collect data that doctors can use to provide better-informed treatment programs.
Using specialized smartphone apps, people with diabetes can store blood glucose data in a remote portal that's hosted in a health clinic or hospital. This information can be accessed and viewed by a physician.
In fact, 68% of physicians say that they intend to use patient monitoring tech, like continuous monitoring and smartwatches to manage their patients' health, according to a new study from the Consumer Technology Association.
The survey revealed the benefits of using remote patient monitoring, which include improved patient outcomes, improved compliance rates and patients taking more ownership of their health.
"Device-derived data from multiple sources can create a more holistic picture of how a person's activities and behaviors impact their health," said Joel Goldsmith, senior director of digital platforms at Abbott.
The data gathered by wearables "can help them, and their doctors, see patterns over time and have better understanding of glycemic patterns, impact of diet and physical activity on glucose levels, and identify when there might be a risk of high or low blood sugar."
(c)2019 U.S. Today
Distributed by Tribune Content Agency, LLC.