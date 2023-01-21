A blood glucose control system with the help of a smartphone and a meter that is fixed to the skin.

The internet of things to remote monitor and manage common health issues has been growing steadily, led by diabetes patients.

About one out of every 10 Americans, or 37 million people, are living with diabetes. Devices such as insulin pumps, which go back decades, and continuous glucose monitors, which monitor blood sugar levels 24/7, are increasingly connected to smartphones via Bluetooth. The increased connectivity comes with many benefits. People with type 1 diabetes can have much tighter control over their blood sugar levels because they’re able to review weeks of blood sugar and insulin dosing data, making it easier to spot trends and fine-tune dosing. In recent years, diabetes patient became so adept at remote monitoring that a DIY community of patient-hackers manipulated devices to better manage their medical needs, and the medical device industry has learned from them.

But the ability to monitor medical conditions over the internet comes with risks, including nefarious hacking. Though medical devices, which must go through FDA approval, meet a higher standard than fitness devices, there are still risks to protecting patient data and access to the device itself. The FDA has issued periodic warnings about the vulnerability of medical devices such as insulin pumps to hackers, and product makers have issued recalls related to vulnerabilities. In September, that occurred with Medtronic ‘s MiniMed 600 Series insulin pump, which the company and FDA warned had a potential issue that could allow unauthorized access, creating a risk that the pump could deliver too much or not enough insulin.

Sleep apnea, Type 2 diabetes and remote health care

It’s not just diabetes where the medical device market is offering patients new benefits from remote monitoring. For sleep apnea, which is estimated to affect as many as 30 million Americans (and one billion people globally) C-PAP machines can now store and send data to health-care providers without needing an office visit.

The number of internet-connected medical devices grew during the pandemic, as lockdowns created a big push to treat people at home. As virtual care visits rose, “it opened everybody’s eyes to home-based medical devices for remote patient monitoring,” said Gregg Pessin, a senior director of research at Gartner.

Steady sales of continuous glucose monitors and insulin pumps have buoyed companies such as Dexcom , Insulet , Medtronic and Abbott Laboratories , and diabetes tech device sales are expected to grow. According to the Centers for Disease Control and Prevention, beyond the 37 million people in the U.S. that have diabetes, there are 96 million adults are estimated to be pre-diabetic. Manufacturers of continuous glucose monitors and insulin pumps, which have been the standard of care for type 1 diabetes for years, are increasingly targeting type 2 diabetes patients as well.

Multiple forms of medical cybersecurity risk

Industry security experts categorize cybersecurity risks of medical devices into three buckets.

First, there’s the risk to patient data. Many medical devices such as insulin pumps require patients to create online accounts to download data to a computer or smartphone. These accounts could include sensitive information, not just sensitive health data but personal details such as Social Security numbers.

Another risk is to the medical device itself, as evidenced by the headlines around the risk of hackers getting into a medical device like Medtronic’s pump and changing dosage settings, with potentially fatal effects. A report by Unit 42, a cybersecurity firm that is part of Palo Alto Networks , found that 75% of infusion pumps — which include insulin pumps — had “known security gaps” that put them at risk of being compromised by attackers. May Wang, chief technology officer of internet of things security at Palo Alto Networks, said that in a lab experiment hackers gained access to infusion pumps, changing medication dosages. “So now cybersecurity is not just about privacy, not just about data leakage. It’s more about life or death,” she said.

But Gartner’s Pessin said that such risk is slight in the real world. In the controlled conditions in a laboratory, “it’s just a matter of time before you’ll be able to do it,” but in the real world, “it’d be much more difficult,” he said.