Abstract
Managing diabetes is a demanding task that requires constant attention and effort. From monitoring blood glucose levels to administering insulin doses, individuals with diabetes face a daily regimen that can be particularly challenging. However, recent advancements in technology have introduced innovative solutions aimed at simplifying this process and improving the quality of life for those affected by the condition. One such advancement is the integration of continuous glucose monitoring (CGM) systems with insulin pumps, collectively known as integrated continuous glucose monitoring (iCGM) systems. These devices offer users the convenience of automated blood glucose monitoring and insulin administration, reducing the need for constant manual intervention. Moreover, modern iCGMs provide additional features such as connectivity with smart devices, allowing users to monitor their health data in real time. While these advancements undoubtedly offer numerous benefits, they also come with inherent risks, particularly concerning security vulnerabilities. The reliance on interconnected devices opens the door to potential exploitation, which could have serious consequences for individuals with diabetes. For instance, a security breach could lead to insulin overdose, resulting in severe hypoglycemia or life-threatening complications such as severe brain injuries, coma, or even death.
The architecture of iCGM systems has evolved rapidly in recent years, with a focus on compact, wearable designs that rely heavily on Bluetooth technology for connectivity. While Bluetooth provides basic security features, such as encryption, device authentication, and access control, the responsibility for implementing additional security measures such as user authentication falls on the device manufacturers. Unfortunately, this reliance on external security mechanisms, combined with unavailable security features, leaves iCGM systems vulnerable to cyber threats.
Despite some efforts to address security concerns in iCGM systems, they have not undergone thorough scrutiny for practical implementation. Furthermore, recent work has not comprehensively covered all vulnerabilities, indicating a significant research gap in this area. This chapter outlines the modern architecture of insulin pumps and the existing vulnerabilities, threats, and risks of iCGM systems, and provides insights on security measures, mitigation, and countermeasures. The goal is to bridge the research gap by identifying the current architecture and threats while highlighting the necessary security mechanisms. Furthermore, the chapter lists open-source datasets for further research and testing to secure iCGM systems.