Scott Hanselman

It's WAY too early to call this Insulin Pump an Artificial Pancreas

September 29, '13 Comments [41] Posted in Diabetes
Sponsored By

app_6_steps_621

The diabetic internet and lots of mainstream news agencies are abuzz about the new insulin pump from Medtronic. Poorly written news articles that are effectively regurgitations of the Medtronic Press Release have exciting headlines like this:

Other news outlets have slightly better headlines like

But then ruin it with vague subtitles that are missing important context:

  • FDA approved the company’s automated insulin delivery system.

This is Step 1, possibly Step 0.

TO BE CLEAR. This new Medtronic 530G pump is NOT an artificial pancreas. It is an insulin pump, similar to the very model I'm wearing right now. It is paired with a revision of Medtronic's CGM (Continuous Glucose Meter) system and it does one new thing.

This new pump will turn off if you ignore its alarm that you may be having a low blood sugar.

Read it again, I'll wait.

Note the JDRF chart above describing the steps we need to towards a true artificial pancreas. This new 530G from Medtronic is arguably Step 1 in this 6 step process. It's the first step of the first generation.

But wait, doesn't your pump just handle things for you? You don't have to stick your fingers anymore, right? Wrong.

Let's stop and level set for a moment. Here's a generalization of your day if you're not diabetic.

image

Here's what a Type 1 diabetic (like me) does:

image

If I get this new pump that news outlets are incorrectly calling an artificial pancreas will anything in this cycle change? No.

There's NOTHING automatic here. I want to make that clear. Today's insulin pumps are NOT automatic. I set them manually, I tell them what to do manually. Yes, they "automatically deliver insulin as I sleep" but only because I told it to. If I eat and do nothing, I WILL get high blood sugar and today's insulin pumps will do exactly NOTHING about it.

If I only make decisions about insulin dosage based on my CGM then I WILL eventually get in trouble because today's CGMs are demonstrably less accurate than finger sticks. And, here's the kicker, finger sticks aren't even that accurate either.

Even more insidious is the issue of lag time. Medtronic's last generation of CGM lagged by 20 to 30 minutes BEHIND a finger stick. That meant I was getting "real time values" that in fact represented my blood sugar in the past. It's hard to make reliable altitude changes in your plane if your altimeter shows your altitude a half hour ago.

The Medtronic Press Release says that this new Enlite Sensor is 31% more accurate. I hope so. I personally continue to use a Medtronic 522 pump (this new one is the 530G) but I have given up on Medtronic's CGM in favor of a Dexcom G4. I am thrilled with it. The G4 has about a 5 minute lag time and is astonishingly accurate.

NOTE: I have no personal or investment relationship with either Dexcom or Medtronic. I am not a doctor or a scientist. I write this blog post with the expertise of someone who has been a Type 1 Diabetic for 20 years, a user of a Medtronic Pump for 15 years, a user of a Medtronic CGM for 4 years, and more recently a user of a Dexcom G4 for a year. My most recent A1C test was 5.5 putting my blood sugars at near non-diabetic levels on average. TL;DR - I'm a very good diabetic who uses the best available technology to keep me alive as long as possible.

I am extremely disappointed in the lack of research, due diligence and basic medical common sense in these articles. If you are a Type 1 Diabetic or have someone in your life who is, do the research and the reading and please spread the word so people can make informed decisions.

Related Reading

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. I am a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by ORCS Web

Hacking Diabetes

October 5, '12 Comments [41] Posted in Diabetes
Sponsored By

Photo by cogdogblog used under CCNOTE: The top part of this post is background and basics. If you are a diabetic who wants the advanced techniques, they are further down a bit.

Being a Type 1 diabetic sucks. But, if you know anyone who is diabetic then you likely already know that. Over the last twenty years I've tried  many different drugs, diets, techniques, and hacks all meant to keep me alive as long as possible. Diabetes is the leading cause of blindness, liver failure, kidney failure and a bunch of other stuff that also sucks. It would be really awesome to die of regular old age rather than some complication of diabetes.

Every few months a diabetic should get a blood test call an hA1c that is a measure of long term blood sugar control. A normal person's A1C is between 4% and 6% which roughly corresponds to a 3 month average blood sugar of between 70 and 120mg/dl, which is great. My A1c has been around 6.0 to 6.7 which is under the American Diabetes Association's recommendation for Type 1 diabetics of 7.0, but not as low as I'd like it.

Related Reading

I recently redoubled my efforts and lost about 30lbs, started working out more and removed more carbohydrates by implementing a relaxed paleo diet. This, combined with some medical equipment changes that I discuss below have resulted in my latest A1c - just in last week - of 5.7%. That means for the first time in nearly 20 years I have maintained near-normal blood sugar for at least 3 months.

Basics

A Type 1 diabetic doesn't produce any insulin, and insulin is required to process sugar and deliver it to the cells. Without insulin, you'd die rather quickly. There's no diet, no amount of yoga, green tea or black, herbs or spices that will keep a Type 1 diabetic alive and healthy. Type 1 diabetes is NOT Type 2 diabetes, so I'm not interested in your juicers, raw food diets or possible cures. I've been doing this with some success for the last two decades and I plan to continue - also with success - for the next two.

If you blood sugar gets too high you'll die slowly and rather uncomfortably. If your blood sugar gets too low you'll die rather quickly (or at the very least lose consciousness). The number one goal for a Type 1 Diabetic is to effectively manage insulin and blood sugar levels by simulating a working pancreas where there isn't one. You eat food and your blood sugar rises. You take insulin and your blood sugar lowers. You can prick your finger and check your blood sugar directly then perform some calculations and inject yourself with insulin. If everything works out well then your blood sugar is stable just like a "normal" non-diabetic.

Unfortunately it's never that easy, and in the case of Type 1 diabetes there's a number of factors that complicate things. Sometimes blood sugar rises on its own, sometimes due to illness, hormones, or any of a dozen other factors. The most difficult issue to deal with is that of lag time. When you check your blood sugar you're actually looking at the past. You're seeing your blood sugar in the past, sometimes 15-20 minutes ago. When you take insulin it won't start working for at least 30 minutes, often as long as 60 to 90 minutes. I talk about this in my post Diabetes: The Airplane Analogy. Try flying a plane where your altimeter shows you the past and altitude adjustments are all delayed. I would imagine it's not unlike trying to pilot the Mars Lander. Sadly, there is no such thing as "real time" when it comes to diabetes management.

Basic Management

Basic blood sugar management typically comes down to carb counting and insulin dosage. You'll learn from a Diabetes Educator that your body (everyone is different) will react to insulin in a certain way. You'll learn that, for example, your insulin to carbohydrate ratio might be 1U (1 unit of insulin) to 15g (grams) of carbohydrate. You'll read food labels and if there's a cookie with 30g of carbohydrates or sugars that you'll need to "cover" it with 2U of insulin.

That's the basics. Things quickly get complicated because not all sugars are alike. A cookie with 30g of carbs will "hit you" - or cause a blood sugar rise - much faster than an apple with 30g of carbs or mixed nuts with 30g of carbs. The speed at which carbs hit you is known as the glycemic index of the food. Fruit juices, starches, candy, all have high glycemic indexes.

Why should a diabetic care about how fast food raises their blood sugar? Because the faster your blood sugar moves the hard it is it control. If a cookie can raise blood sugar in 15 minutes but insulin won't start lowering it for an hour you can see how a daily rollercoaster of blood sugar spikes can get out of control.

A reasonably low carb diet makes Type 1 diabetes much easier to handle and manage. I avoid bread, sugar and anything "white." That means no white rice, no white bread, no white sugar. If I'm going to have bread, it'll be whole grain or sprouted wheat.

Portion Size and Cutting Carbs

You should rarely be eating a meal that is larger than your own fist. Better you eat 6 fist-sized meals than 3 giant plates a day. Reasonable portions avoid high sugar spikes.

Cutting carbs is surprisingly easy. I've done personal experiments with hamburgers, for example. A hamburger might require me to take 6U of insulin but that same hamburger minus the top bun was only 3U. It was still satisfying and yummy but that top bun was just empty carbs. That leaves more room for salad (with dressing on the side) which is a diabetic's "free food." You can eat raw veggies until you're bloated and in some cases take no insulin at all, while a Small French Fry could literally set you on a miserable rollercoaster of a day.

Fries and starches are simply off limits. If you eat them, you will pay the price. Pizza, potatoes, tubers of any kind are all effectively raw sugar. Same with all fruit juices and any HFCS (High Fructose Corn Syrup.) In fact, any "-ose" is ill-advised, including Fructose, Glucose and Dextrose.

The Poor Man's Pump

Not that many years ago insulin came in many speed variations. Some were long acting and some short. In recent years we've standardized on two kinds, very long acting where one shot lasts for 24 hours, and fast acting where one shot starts in about an hour and is gone in about four.

We need some insulin running in the background all the time just to stay stable. This is all the basal rate or background insulin. Then when we eat we need a bolus of insulin to "cover" a meal. Long acting insulin can act as the basal and short acting as the bolus.

For those that don't have an insulin pump (more on that later) a pump can be simulated by a long acting shot of an insulin like Lantis/Glargene once a day to act as a basal and then short acting insulins like Humalog/Novalog/Apidra for means. You can simulate about 80% of a pump with this "poor man's pump."

Insulin Pumps

Photo by cogdogblog used under CCIf you've got an insulin pump like I have then you actually have no long acting insulin in you. Instead you've literally got a pump and a tube dripping insulin into your body. I've worn one 24 hours a day, while asleep and awake for over a decade.

So where's the basal or background insulin coming from? The pump actually contains only short acting insulin but delivers it in extremely precise and tiny increments all the time. For example, I usually have my pump delivering 0.5U/hr all the time.

Note that none of this is automatic. Pumps are not automatic systems and will only do what you tell them, fortunately or unfortunately. If you're willing to put some thought and effort into it you can do some interesting things with pumps that you simply cannot do with MDI (Multiple Daily Injections.)

Square Wave Basal (Buffet Mode)

One of the things a pump can do that injections simply can't is basal adjustments. Once you've taken a long-acting insulin shot, it's in you and it's going to do its work for 24 hours. The only thing you can do with insulin in you already is add more food or more insulin.

With a pump, though, you can program a either a Square Wave Bolus or a temporary Basal. This can be useful when at an event where you'll be "grazing" and eating little bits over a long period, or in situations where you're eating foods that will take a long time to digest, like pizza.

Temporary basals are also useful for exercise and activity. You can temporarily lower your background insulin for a few hours while you're hiking, for example. Lowering your basal temporarily is your best way to avoid exercise-related lows.

Often Type 1's get into trouble exercising because they'll work out, burn a hundred calories, have a low blood sugar, then eat a few hundred calories thereby negating the original exercise. Lower your basal an hour or so before exercise and set a timer to keep it low for an hour or two. Better an exercise-induced high than an exercised-induced low.

Temporary Basals while crossing Time Zones

I do a lot of international travel and often cross a number of time zones in a single trip as a diabetic. Diabetics on pumps often have multiple basals rates programmed on a schedule and this can cause issues when going overseas.

For example, here's mine:

  • 3am - 0.75U/hr
  • 8am - 0.5U/hr
  • 6pm - 0.6U/hr
  • 12am - 0.5U/hr

The 3am to 8am boost there is to manage the blood sugar rise known as the "dawn phenomenon." It's your body trying to get you ready for the day. It's part of your circadian rhythm and it's great for you. It's lousy for me though as it means my blood sugar will just start rising unchecked starting at about 4am.

When travelling, though, what's dawn to me? ;) It takes about a day to adjust for every time zone crossed. So even though I was just in Europe for a week, my "dawn" was slowly moving from the west coast of the US over the Atlantic all week. I needed to be aware of this as I set my pump's clock.

If you change your pump's clock to the destination time zone on the first day, your basals won't reflect your physical reality. You'll get more insulin at 3am local time, for example, but you likely needed it 4 or 7 hour before.

I've found that for simplicity's sake I set my basals while travelling to two 12-hour values, night and day. For example, on this trip I set to 0.6U/hr during the day and 0.5U/hr during the night. This allowed me to see when the dawn rise was happening and deal with it using a bolus, rather than risking a nasty and unexpected low at a seemingly random time. Use temporary basals to smooth things out. I'll set 4 and 6 hour temporary basals as well to "tap it down" or "float up."

Super BolusPhoto by kirinqueen used under CC

One of the most advanced and most powerful techniques is the Super Bolus. I tend to be a little prejudiced against CDEs (Certified Diabetes Educators) (sorry, friends!) unless they are diabetic themselves. No amount of education can match 24 hours a day, 7 days a week for 20 years. The Super Bolus is one of those techniques that we find after hard work and 3am suffering.

Since even fast-acting insulin often isn't fast enough you'll sometimes want a way to give yourself more insulin now without an unexpected low in 2 to 4 hours.

What you can do is turn off your pump effectively by setting a temporary basal of 0U/hr, and then give yourself the saved amount on top of your planned bolus.

Here's an example. You want to have some ice cream. You take 5U of insulin, your basal is 0.5U/hr. You eat the ice cream and have a bad high sugar in an hour and then a nasty low 3 hours out. The insulin didn't move fast enough to cover the ice cream, and when it did finally start working it took you low because your basal was ongoing.

Instead, you could take 6.5U of insulin and set a 3 hour temporary basal of 0U/hr. You have taken the 1.5U that would have been spread out over 3 hours and instead stacked it on top of the big bolus. The net amount of insulin is the same! You're just clipping that big high and bypassing that nasty low.

You'll need to find numbers that work for you, but the Super Bolus is a powerful technique for avoiding highs and still being able to eat some carbs.

Off-Label Drugs

There are a number of interesting new drugs out for diabetics that aren't super common but if you're interested in hacking your diabetes and you have a willing endocrinologist they could help you.

Symlin is a brand name synthetic amylin and replaces another missing hormone in Type 1 diabetics. Symlin is another shot you would have to take in addition to insulin. We tend to digest food really quickly and that causes nasty post-prandial (after eating) blood sugar spikes. Symlin will slow your digested to that of a normal person and clip those high sugars and allow your insulin to work. Talk to your doctor because it's serious stuff and not to be trifled with. Symlin induced low blood sugars can be really challenging to pull up out of. If you can get past the first two to four weeks of nausea it can be a powerful tool. I took Symlin for a number of years but now I only use it for a few large meals a year like Thanksgiving and Christmas.

Victoza is a new drug for Type 2 diabetics and is explicitly not recommended for Type 1s. However, if your doctor feels it would help you as a Type 1 it can be given "off label." It is a GLP1 inhibitor that also slows absorption of food and its movement through the gut. Finding the right dose can be a challenge, but since Victoza is a daily injectable you can adjust the dose one day at a time.

UPDATE/Correction from Karmel: "Minor point, but Victoza and Bydureon are GLP1 (with a P for glucagon-like peptide) agonists (that is, analogs)-- they mimic the action of GLP1, not inhibit it. Some T2 drugs with similar effects like Januvia are DPP-4 inhibitors, where DPP-4 inhibits GLP1, making a DPP-4 inhibitor a positive regulator of GLP1. But GLP1 we want"

Bydureon has a similar effect to that of Victoza except you take it once a week. It's also a Type 2 drug that is off label for Type 1s. It takes about a month to build up in the system before you see its effects and it can also cause significant nausea.

Order of Food

What a silly heading, but yes, the order you eat can affect your blood sugar. If you drink juice and eat bread before eating a chicken breast your blood sugar will rise faster than if you eat the chicken breast first. If you have a meal with fat in it then eating the fatty part of the meal will slow down whatever comes next. While cheese isn't really good for you, you can slow down the food that comes after it by eating cheese before crackers and an apple, for example.

Lowering A1C by Sleeping

Here's another trick that was so fundamental to getting my A1c down. You're asleep for 6 to 10 hour a day. Nearly a third of your life you're asleep. This is the perfect time to have great blood sugar. There are few feelings worse as a diabetic than waking up after a long night only to discover that you've had high blood sugar all night long. You've been marinating in your own sugar and you didn't even know. What a horrible feeling.

I try not to eat after 8pm so that I have from 8pm until I go to sleep to even out my numbers. You want your numbers to be either normal or heading clearly towards normal as you go to sleep. Just as they say for a good marriage you should never go to bed angry. I say for good A1c results you should never go to bed with bad blood sugar. Even if your numbers are garbage all your waking hours at least try to get them smooth and low as you sleep. Avoid doing anything to move them around after dinner. Eat your dinner, get back to normal, then have a basal rate you can count on and set it for as long as you can.

Equipment

Always be on the lookout for equipment that might allow you to better manage your blood sugar. Sometimes this is covered by insurance, sometimes it's not. It never hurts to ask your insurance company or your doctor.

I've used a Medtronic insulin pump with an integrated CGM for years. It's a good integrated system but the CGM has as considerable lag time showing my blood sugar about 20 minutes in the past. I have also been unimpressed with my OneTouch Mini blood sugar meter. I grow tired of calibrating and coding the meters and I also feel they aren't nearly as accurate as one needs for tight control.

This year I moved from my Medtronic Paradigm Continuous Glucose Meter (CGM) to a Dexcom Seven CGM. I also switched from a OneTouch Mini to a OneTouch Verio.

The OneTouch Verio is a near codeless meter from OneTouch. That means I can just plug in a strip without entering any codes or calibrations. It is rechargeable with a standard mini-USB adapter and it even as a lighted sensor area so you can check your numbers at the movies. (This is a bigger deal than you might realize.)

The Verio, in my opinion, skews high in its readings. When compared to the OneTouch Mini the Verio values are consistently 20mg/dl higher. This is actually a good thing because when calibrated with the Dexcom CGM it nudges me towards an even lower blood sugar goal.

The Dexcom Seven CGM is the single greatest piece of new technology I've ever experience since I was diagnosed at age 20. It's so profoundly amazing and so utterly indispensible I truly can't imagine life without it. It reduced the lag time for my readings from 20 minutes to less than 5. It's far more accurate than the Medtronic and the sensors can stay in for a week or more. It doesn't provide as much historical data as the Medtronic but the accuracy of the Dexcom is a thing to behold. I'm looking forward to the new Animas Vibe with the Dexcom integrated and plan on switching the nanosecond it comes out. Even though the Dexco is yet another thing to carry and keep charged I credit this CGM with helping me get the best A1c test results of my diabetic life thus far.

As with all random blog posts your read on the internet, remember this. I'm not a doctor. I'm just a random dude you don't know. Try all this at your own risk and under your doctor's supervision.


If you'd like to make a tax-deductible donation to the American Diabetes Association and be a part of Team Hanselman, you can donate securely here http://hanselman.com/fightdiabetes/donate. It is appreciated!

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. I am a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by ORCS Web

The Sad State of Diabetes Technology in 2012

June 17, '12 Comments [118] Posted in Diabetes
Sponsored By

animation1I've been diabetic for almost two decades. It's tiring, let me tell you. Here's a video of my routine when I change my insulin pump and continuous meter. I'm not looking for pity, sadness or suggestions for herbs and spices that might help me out. I'd just like a day off. Just a single day out of the last 7000 or the next, I'd like to have a single piece of pie and not chase my blood sugar for hours.

Every time I visit the doctor (I do every 3 months) and every time I talk to someone in industry (I do a few times a year) I'm told that there will be a breakthrough "in the next 5 years." I've been hearing that line - "it's coming soon" - for twenty.

I used to wait a minute for a finger stick test result. Now I wait 5 seconds but we still have blood sugar strips with +-20% accuracy. That means I can check my sugar via finger stick twice and get a number I'd take action on along with one I wouldn't. Blood sugar strip accuracy is appalling and a dirty little secret in the diabetes community.

I started with insulin that would reach its peak strength after about 4 hours. Today it takes about an hour. Awesome, but that's not fast enough when a meal can take me to the stratosphere in minutes.

We are hurting here and we can't all wait another five years. Diabetes is the leading cause of blindness, leading cause of kidney failure and leading cause of amputation.

I wrote the first Glucose Management system for the PalmPilot in 1998 called GlucoPilot and provided on the go in-depth analysis for the first time. The first thing that struck me was that the PalmPilot and the Blood Sugar Meter were the same size. Why did I need two devices with batteries, screens, buttons and a CPU? Why so many devices?

NewColorSmall_smallIn 2001 I went on a trip across the country with my wife, an insulin pump and 8 PDAs (personal digital assistants, the "iPhones" of the time) and tried to manage my diabetes using all the latest wireless technology. Here's what I had to say 11 years ago:

With Bluetooth coming, why couldn't my [PalmPilot] monitor my newly implanted smart-pump? GlucoPilot could generate charts and graphics from information transmitted wirelessly from the pump. For that matter, the pump, implanted in my abdomen, could constantly transmit information to Bluetooth-enabled devices that surround me. The pump might use my cell phone to call in its data into a central server when I'm not using the phone. If I wander near my home computer, the pump or Visor might take the opportunity to upload its data. During a visit to the doctor, Bluetooth's 30-meter range could provide the doctor with my minute-by-minute medical history as I sat in the waiting room.

Back in 1998 when I was writing and marketing GlucoPilot I was using a custom cable that connected directly from my PalmPilot to the glucose meter and downloaded my historical glucose data. Fast forward to 2012 and what new technologicals innovation do we have?

Yes, that's a custom cable to plug-in to my PDA. Yes, I'm a frustrated diabetic. This a 15 year old solution with no backing standards, no standard interchange format, no central cloud to store the data in. It's vendor lock-in on both sides.

Kudos to the Glooko guys for fighting the good fight and shame on the blood sugar meter manufacturers for making their job hard.

iphone_cable_meter

Fifteen years ago we talked about data standards and interoperability. I was even on a standards board for a while to try and pressure the industry to standardize on data interchange formats. I have personally written multiple blood sugar meter data importers from the very simple (CSV) to the very complex (binary packed and purposely obscured to prevent 3rd party data dumps) and I can tell you that the blood sugar meter manufacturers are not interested in making it easy to move our data around. This is a billion dollar industry.

Today I read an article about the iBGStar (a forgettable name) glucose meter that plugs directly into an iPhone 30 pin port. The article came up on Hacker News and one of the designers said this in a comment:

I'm one of the designers of the iBGStar and we considered Bluetooth. We actually have another FDA cleared product that uses Bluetooth, but cost, battery life, and a bunch of technical issues led us to favor the 30 pin.

iBGStar-IPhoneThis is hugely disappointing especially since Bluetooth 4.0 is said to offer battery life as long as 10 years on some products. Given all the new iPhones have Bluetooth 4.0 just waiting for devices to connect to, you'd think this is a perfect opportunity for a Bluetooth 4.0 glucose meter.

I appreciate the attempts and the word that is being done in the space, I truly do, but as an end user when I see products like this that are trying to push the envelope but fail with fundamental usability issues, I'm saddened. Most diabetics check their blood sugar 10 times a day or more. I can't keep this glucose meter attached to my phone. It'll fall off, get bent, mess up the 30 pin connector. It's simply not reasonable for a day to day use coming in and out of pockets.

A more reasonable mode of usage would mirror the FitBit. It's tiny, clips to my belt and automatically notices when I pass by my computer then uploads its data wirelessly. That's how wireless is supposed to work. And the battery lasts at least a week.

Twenty years and no significant moves. We are still wiring our devices together, translating from one format to another, all the while being hamstrung by the FDA and their processes. When we do start to get something working well, it's attacked and we're told that our insulin pumps can be hacked from a mile away and we can be killed in our sleep. This will no doubt slow progress and make the FDA even more paranoid when approving new technology.

I've just this week switched from a Medtronic Continuous Glucose Meter to a DexCom, which is another company. This new CGM gives me more accurate data with less lag time. However, I still have the same insulin pump. This means my meter and pump aren't integrated so I carry another device on my person. This is because while the Animas Vibe, a pump that integrates both the DexCom meter and an insulin pump as well as other features like being waterproof, is available EVERYWHERE but the US. It's in the FDA process. Maybe ready in 6 months? 18? Who knows. When it shows up, the technology will be years old while the iPhone is on generation 6. We've got 3D TVs to watch crappy movies on by my insulin pump's firmware hasn't changed in nearly a decade.

The article about the iBGStar is poorly researched and galling.  I appreciate what Hacker News commenter lloyd said with emphasis mine, calling out this inane line from the article.

"Could this be the beginning of mobile diabetes monitoring?"

As so many people above have stated, no, you moron. We've been monitoring blood sugar on the go for the past 30 years.

I've got Type 1 diabetes...and my current meter is smaller than the one shown here. I can plug it into my Mac via USB to download and visualize the data (& can control my insulin pump via bluetooth using the meter).

The only benefit with this particular iPhone-compatible meter would be enhanced, immediate visualization of results. Which might be easier to get, and might not, given the inconvenience of having to remove an iPhone case and plug in the meter. (Not to mention other issues - what if my iPhone's batteries are dead? Will it still work?)

Unfortunately, this product reminds me of 5 years ago, when someone would announce a new toaster, and the tech crowd wouldn't be impressed...unless it was a Bluetooth toaster. We're so focused on it being the hot new thing (it's compatible with iOS! Oooh!!) that we ignore the fact that there's nothing revolutionary being presented here.

The way I see it, this doesn't really change anything in terms of treatment. If it's a more accurate meter, great - sell based on that. Not on the bogus "we're taking blood glucose monitoring mobile" claims.

You may feel like technology is amazing and it's moving so very fast and it surely is. But as a diabetic who relies on technology to stay alive as along as I possibly can, it feels like nothing has changed in 20 years. Maybe something will happen in just 5 more.


Sponsor: I want to thank the folks at DevExpress for sponsoring this week's feed. Check out their DXperience tools, they are amazing. You can create web-based iPad apps with ASP.NET and Web Forms. I was personally genuinely impressed. Introducing DXperience 12.1 by DevExpress - The technology landscape is changing and new platforms are emerging. New tools by DevExpress deliver next-generation user experiences on the desktop, on the Web or across a broad array of Touch-enabled mobile devices.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. I am a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by ORCS Web

Hackers can kill Diabetics with Insulin Pumps from a half mile away - Um, no. Facts vs. Journalistic Fear mongering

August 5, '11 Comments [54] Posted in Diabetes
Sponsored By

UPDATE: Jay Radcliffe, the researcher discussed in this post, has emailed me, a little upset. In the interest of transparency I've included our email thread at the end of this post so that Jay's perspective on any inaccuracies may be seen. I encourage you to draw your own conclusions.

There's a story making the rounds on Twitter right now. Engadget "reports" researcher sees security issue with wireless insulin pumps, hackers could cause lethal doses.

Wait till you see what researcher and diabetic Jay Radcliffe cooked up for the Black Hat Technical Security Conference. Radcliffe figures an attacker could hack an insulin pump connected to a wireless glucose monitor and deliver lethal doses of the sugar-regulating hormone.

First, a little on my background. I've been Type 1 diabetic for 17 years. I've worn an insulin pump 24 hours a day, 7 days a week for over 11 years and a continuous glucose meter non-stop for over 5 years. I also wrote one of the first portable glucoses management systems for the original PalmPilot over 10 years ago and successfully sold it to a health management company. (Archive.org link) I also interfaced it (albeit with wires) to a number of portable glucose meters, also a first.

Engadget's is a mostly reasonable headline and accurate explanation as they say he "figures an attacker could..." However, Computerworld really goes all out with the scare tactics with Black Hat: Lethal Hack and wireless attack on insulin pumps to kill people.

Like something straight out of science fiction, an attacker with a powerful antenna could be up to a half mile away from a victim yet launch a wireless hack to remotely control an insulin pump and potentially kill the victim.

The only thing that saves this initial paragraph is "potentially." The link that is getting the most Tweets is VentureBeat's "Excuse me while I turn off your insulin pump," a blog post that is rife with inaccuracies (not to mention a lot of misspellings). Here's just a few.

  • "Insulin pumps use wireless sensors that detect blood sugar levels and then communicate the data to a screen on the insulin pump."
    • Way too broad. Pumps don't. Some CGMs (continuous glucose meters) communicate with special integrated pumps. The most popular integrated system is a Medtronic Paradigm. Most other CGM system have a separate "screen" device that's separate from the pump.
  • "The sensor has to run on a 1.5-volt watch battery for two years."
    • Nope. The Medtronic receiving sensor needs to be charged ever 3 to 6 days. The pump battery is usually a AAA that lasts a few weeks.
      UPDATE: The Dexcom receiver is recharged every 3 days but the body transmitter is warrented for a year with a small watch battery.

One useful paragraph in the VentureBeat post points out again that Jerome wasn't able to decode the message. Here, emphasis mine.

Then Radcliffe went through the process of deciphering what the wireless transmissions meant. These transmissions are not encrypted, since the devices have to be really cheap. The tranmissions [sic] are only 76 bits and they travel at more than 8,000 bits per second. To review the signal, Radcliffe captured the signal with a $10 radio frequency circuit board and then used an oscilloscope to analzye [sic] the bits.

He captured two 9-millisecond transmissions that were five minutes apart. But they came out looking like gibberish. He caputred [sic] more transmissions. About 80 percent of the transmissions had some of the same bits. He reached out to Texas Instruments for help but didn’t have much luck. He told the TI people what he was doing and they decided not to help him.

That was as far as he got on deciphering the wireless signal from the sensor, since there was no documentation that really helped him there. He couldn’t understand what the signal said, but he didn’t need to do that. So he tried to jam the signals to see if he could stop the transmitter. With a quarter of a mile, he figured out he could indeed mess up the transmitter via a denial of service attack, or flooding it with false data.

Now, to the security issue. One has to read these articles and blog posts very carefully. It's easy Link Bait to say "A hacker can kill diabetics wirelessly without them knowing it!" (I assume we'd figure it out at some point, though.) While Jerome Radcliffe, the gentleman who did the proof of concept, is no doubt very clever, the folks who are blogging this fear mongering should do their homework and read the details. Jerome is presenting some of his findings at the BlackHat conference. Here's his abstract with emphasis mine. Note also that SCADA means "supervisory control and data acquisition." He's saying that we "cyborgdiabetics" (my term) are human control and data acquisition systems as data-in/control-out controls our health, well-being and ultimately our lives.

As a diabetic, I have two devices attached to me at all times; an insulin pump and a continuous glucose monitor. This combination of devices turns me into a Human SCADA system; in fact, much of the hardware used in these devices are also used in Industrial SCADA equipment. I was inspired to attempt to hack these medical devices after a presentation on hardware hacking at DEF CON in 2009. Both of the systems have proprietary wireless communication methods.

Could their communication methods be reverse engineered? Could a device be created to perform injection attacks? Manipulation of a diabetic's insulin, directly or indirectly, could result in significant health risks and even death. My weapons in the battle: Arduino, Ham Radios, Bus Pirate, Oscilloscope, Soldering Iron, and a hacker's intuition.

After investing months of spare time and an immense amount of caffeine, I have not accomplished my mission. The journey, however, has been an immeasurable learning experience - from propriety protocols to hardware interfacing-and I will focus on the ups and downs of this project, including the technical issues, the lessons learned, and information discovered, in this presentation "Breaking the Human SCADA System."

Just to be clear, Jerome has not yet successfully wirelessly hacked an insulin pump.

UPDATE: See below email thread. Jerome says he can change settings and pause the pump. This may be via the USB wireless interface one uses to backup settings and send their blood sugar to their doctor. That's an educated guess on my part.

He's made initial steps to sniff wireless traffic from the pump. I realize, as I hope you do, that his abstract isn't complete. Hopefully a more complete presentation is forthcoming. I suspect he's exploiting the remote control feature of a pump. This is a key fob that looks like a car alarm beeper that some pump users use to discretely give themselves insulin doses. However, I feel the need to point out as a pump wearer myself that:

  • Not every Insulin Pump has a remote control feature.
  • Not every remote-controllable insulin pump has that feature turned on. Mine does not, for example.

In this AP article reposted at NPR called Insulin Pumps, Monitors Vulnerable To Hacking they give us more of the puzzle which confirms that Jerome was - in at least one hack attempt - using the optional remote control feature of the pump. A feature that few turn on. Their tech is a little off as well with talk of a 'USB device,' probably an Arduino with an RF shield.

Radcliffe wears an insulin pump that can be used with a special remote control to administer insulin. He found that the pump can be reprogrammed to respond to a stranger's remote. All he needed was a USB device that can be easily obtained from eBay or medical supply companies. Radcliffe also applied his skill for eavesdropping on computer traffic. By looking at the data being transmitted from the computer with the USB device to the insulin pump, he could instruct the USB device to tell the pump what to do.

Finally, another piece of the puzzle is found at SCMagazine's scary "Black Hat: Insulin pumps can be hacked" article where they open with:

"A Type 1 diabetic said Thursday that hackers can remotely change his insulin pump to levels that could kill him."

ZOMG! Someone can remotely control my insulin pump? They continue...

"Radcliffe, now 33, explained that all he requires to perpetrate the hack is the target pump's serial number."

Oh, you mean the serial number that I use to pair with the transmitter to use the highly touted remote control function? This is like saying "I can open your garage door with a 3rd party garage door opener. Just give me the numbers off the side of your unit..."

What Jerome has done, however, is posed a valid question and opened a door that all techie diabetics knew was open. It is however, an obvious question for any connected device. Anyone who has ever seen OnStar start a car remotely knows that there's a possibility that a bad guy could do the same thing.

For example, literally last month I personally exchanged emails with a friendly hacker who successfully hacked the web services for the Filtrete Touchscreen WiFi-enabled Thermostat. Harmless? Perhaps, but his hack could successfully remotely control a furnace or AC in the house of anyone with this device. Any control device that's connected to the "web" or even "the air," in the case of insulin pumps, is potentially open for attack.

I appreciate the message that Jerome is trying to get out there. Wireless medical devices need to be designed with security in mind. I don't appreciate blogs and "news" organizations inaccurately scaring folks into thinking this is a credible threat.

We don't know what brand pump was experimented on, and fortunately the gentleman isn't giving away the technical details. If you are a diabetic on a pump who is concerned about this kind of thing, my suggestion is to turn off your pump's remote control feature (which is likely off anyway) and turn off your sensor radio when you are not wearing your CGM. Most of all, don't panic. Call the manufacturer and express your concern. In my experience, pump manufacturers do not mess around with this stuff. I'm not overly concerned.

All this said, I'd love to have him on my podcast. If you're reading this and you're Jerome Radcliffe, give me a holler and let's talk tech.

Of course, all this talk would be moot if we cured diabetes. In encourage you to give a Tax Deductable Donation to the American Diabetes association: http://hanselman.com/fightdiabetes/donate

Also, feel free to show people my "I am Diabetic. Here's how it works" educational video on YouTube with details on how I setup a pump and continuous glucose monitoring system every 3 days. http://hnsl.mn/iamdiabetic takes you right to the YouTube video.

UPDATE: In the interest in full disclosure, here is my email thread with Jay. As I've said, I'm happy to update the article, as am I doing here, with all perspectives. This was as much a blog post about the media and that meta-point as it was about the tech. Given that I had to piece this post together from several other posts and articles just to get an idea of what the big picture is, kind of makes my point about the problems of hyperbole in the media. Again, my concern is more about sensationalism than it is about the tech. I have no doubt a pump CAN be hacked. Any connected device can be hacked.

Here's our thread from earliest to latest:


From: Jerome Radcliffe

I *can* hack an insulin pump. I can suspend it, change all the settings remotely. I did that on stage. I'm quite disappointed that you did not verify any of the information in your article. People do die from hypoglycemia. Is it an extreme example? Yes. It needs to be. These devices need to be researched for security flaws. To talk about why someone might hack a pump misses the point.


From: Scott Hanselman

I'm sorry, I only found the articles I linked to, plus the abstract that said you hadn't. I tried to verify everything to the best of my ability to Google. Would you send me some newer links and I'llr update my post? My post was meant as an analysis of the news coverage more than the attack. Send me new info?

Thanks!


From: Jerome Radcliffe

I understand your position. but as a blogger/journalist there is a certain level of responsibility to publishing facts. You come off as hypocritical blaming the media for being inaccurate on diabetics being killed by pumps, and write a piece riddled with inaccuracies on my research.
1. There is a CGM that runs on a 1.5v battery for two years. You state that my research is wrong. It is not.
2. Check CBS in las Vegas's web site. They have a video of the demo. Several media outlets reported that demo.
My name is fairly unique and my email address is easy to acquire. I would have rather you contact me for clarification rather then publish a critique of my research that is far from accurate.


From: Scott Hanselman

A random blogger and a trained journalist are certainly different things, I'm sure we can agree on. I do certainly want to improve the post and add the facts and am more than happy to do so.
I'm not sure where I said "your research is wrong" in my post, but I will re-check it. Again, most of my post is quotes from actual journalists who presumably interviewed you and I quoted them. I also quoted your black hat abstract.
I searched twitter for Jay and Jerome Radcliffe but didn't find you and wasn't able to find your blog, I suppose because of the flood of new links and stories.
This CGM runs for 2 years without recharging? Perhaps I'm confused about semantics. I've had a number of CGMs, some 1.5V and all the ones with embedded batteries needed recharging. I'll check around. Again, however, my assertion wasn't against you at all, rather the journalists whose stories were inaccurate.
I feel like we are getting off on the wrong foot here. I thought I wrote a post about how other journalists and bloggers were sensationalistic and inaccurate in their coverage. My post isn't meant as, nor should it read as, a personal attack on your hard work. As I said earlier, I'm more than happy to make updates and edits and fall on my sword with any inaccuracies. I'm even happy to post our email exchange.
Be well!


From: Jerome Radcliffe

Anytime you publish, blog or newspaper, you should be responsible for the content. There is no difference between a trained journalist and a blogger. You can't duck your own criticism of responsible reporting because you feel like your [sic] just a random blogger. The fact you are so critical of my work, you have been getting a lot of press. Your article was in the Slashdot headline, which is one of the most popular sites on the Internet. The fact is your article was highly critical of my work, and highly inaccurate. Even after I specifically told you about the inaccuracies in your writing you have not corrected them.
It's really hard for me not to be offended in this case. For the last three days I have had to answer people's questions, many have cited your article based from the Slashdot coverage.


Related Links

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. I am a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by ORCS Web

Details on the 2010 Diabetes Walk and a Thank You

September 7, '10 Comments [10] Posted in Diabetes
Sponsored By

Over the last few months I've blogged and tweeted about diabetes (in between my regular stuff) and you guys, Dear Readers, have be so kind as to donate over US$32,000 to Team Hanselman via the American Diabetes Association. We haven't hit our arbitrary $50k goal, but I'm totally amazed we made it this far, using only and entirely social media.

If you're interested in learning more about Diabetes and Type 1 Diabetes (what I have) then check out some of the stuff made this summer.

As a point of interest, in 2007 I tweeted every single time I had to manage some aspect of my diabetes in a day. You might be surprised how often we diabetics have to think about diabetes. I hope YOU think about it as you enjoy that cookie! ;)

Also, check out "Diabetes: The Airplane Analogy" for a clear explanation on how blood sugar, insulin, and all this equipment works together.

This next Sunday the 12th, as a culmination of all this, we'll be walking as Team Hanselman in the ADA's StepOut to Fight Diabetes. If you are in or around Portland, you are welcome to join our team and meet us at the Team Hanselman tent.

We'll be walking with many thousands at the Rose Quarter in Portland. We'll be doing the three mile walk.

General Schedule:

  • 8am: Registration opens w/ light breakfast
  • 8:40: Opening ceremony begins – Red Strider Ambassadors, ADA Researcher Dr. Michael Harris, Warm-ups, NAYA Youth Dancers and NARA Drum Group
  • 9:00: One, three and six mile walk begins through Irvington District
  • 10:15ish: Lunch, entertainment, bouncy houses, basketball hoop, music from the River City Ramblers, Health Fair Tent, face painting and more.
  • 11:15: Kids Race Walk w/ Coach Carmen
  • 12:30: Portland Step Out: Walk to Fight Diabetes Finishes

Thanks to EVERYONE for all their help and support! Remember if you donated to please make sure your company matches your donation. Also, there's still time to make a tax-deductable donation and get it matched. Also feel free to give to your local country's diabetes organization as well!

Feel free to spread the word on social networking sites with this short link: http://hnsl.mn/diabeteswalk

You're a wonderful bunch of Dear Readers and I truly thank you for your support.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. I am a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by ORCS Web
Page 1 of 14 in the Diabetes category Next Page

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.