Get a load of this

Incredible, but 7 hours long. Worth it. Get some popcorn. A lot of popcorn.


@Marie20 recommends these parts:

"Thank you @mohe0001
Okay, I’m listening to some of it.
It is long so it will take a while and I’m not sure I’ll last
but for those who want to skip some

at 19:10 Introductions of some of the people there
25:00 Start introduction why by FDA
34:40 Security reason Introduction

at 1:12:25 to 1:23:25
I found it very interesting
talk by Jay Radcliffe on security

at 1:23:30 FDA CDRH Jody Duckhorn
Deciding what to communicate to the public
1:25:54 first chart
Deciding what NOT to communicate to the public.
1:27:25 second chart
okay, so this one is scary."

I would add that Dexcom speaks at 2:56:00.
In between 3:00:00 and 3:30:00, they talk about the MT CVE disclosure. Wowzers.


Thank you @mohe0001
Okay, I’m listening to some of it.
It is long so it will take a while and I’m not sure I’ll last
but for those who want to skip some

at 19:10 Introductions of some of the people there
25:00 Start introduction why by FDA
34:40 Security reason Introduction

**at 1:12:25 to 1:23:25**
I found it very interesting
talk by Jay Radcliffe on security

at 1:23:30 FDA CDRH Jody Duckhorn
Deciding what to communicate to the public
1:25:54 first chart
Deciding what NOT to communicate to the public.
okay, so this one is scary.
1:27:25 second chart
(They also consider only 46% of the US health literate.)

at 1:38:25 Health Literacy Media
Catina O’Leary

at 1:51:25
Nastassia Tamari (BD)
Cybersecurity Communication

at 2:03:55
Karen McChesney w JDRF
Devices used and touches on online community and off label devices
Possible security risks and people thoughts on risks

at 2:14:40
Questions for prior speakers and I guess on the prior subjects

at 2:33:55 brief intro for public questions

at 2:37:10:
1st public question
Video Veronica Schmitt

at 2:47:10
Video Marie Mu ?
Researcher and patient

at 2:52:17
Zack Rothestein

**at 2:56:10**
Benjamin West
Dexcom employee but at conference on his "own"
Touches on MT issue

**3:01:10**
Dr Nathanael Paul
Professor University of Tennessee
Oversees security of a large medical manufacturer now, but here on his "own"
Pro DIY programs. Touches on MT issue

at 3:05:u5408:
Gretchen Riccardi

at 3:11:36
Dr Reid D’Amico
Patient and Patient engagement specialist

at 3:16:08
Beau Woods
worked at hospital where they had equipment go awry probably from a security breach

at 3:21:26
Andy Coravas
CEO Electro Labs

at 3:26:30
Nina Alli
US Marine Corps
Bio Hacking Village
Patient safety

at 3:29:45
Questions for public speakers
**3:34:27**
Dexcom person does explain some things
Dr Nathanael Paul
Yes there are ways to attack patients
**3:46:32**
Nina Alli
Hacking by foreign countries

More Questions to morning speakers

Break for lunch

After Round Table Discussions
FDA Clarification

Start of Round Table Summations
Table 1 Summations
Question 1
Would you expect your health care provider to discuss cyber security risks during informed consent process

Table 2
Whether the possibility of the device being vulnerable to unauthorized access and interference would change the decision to have the device implanted

Table 10
Would you ask your health care provider what alternatives are to device C and if there are similar devices that are considered more secure

Table 4
Would you want to weigh the benefits and risks of implanting a device managing your irregular heartbeat with medication

Table 8
What would you do after seeing this information

Table 6
Where would you look to find any additional information about the vulnerability, concerns about these devices

Table 7
What if you went to your health care provider and asked about if your device could stop functioning due to interference from non medical personnel

Table 5
Do you think your health care provider should be your main point of contact to educate you about cyber security for your device

Table 3
From whom would you expect to hear information about the safety issues from device C

Table 11
Do you think more routine messaging would raise awareness of cyber security with medical devices and who should communicate the routine messaging, and where and when

Table 9
How would you weigh the benefits of upgrading device c against the risks of the upgrade and what would you decide to upgrade

Public Comments Intro

Comment (only 1)
Director of Cyber Security for Boston Scientific

Open discussion, questions and clarifications on round table summations

Questions from the FDA
Answers from Committee Members

Question 1
What approaches for most safety messages when risk from cybersecurity is unknown, where should the message come from

Question 2
I found this discussion interesting as I think we always should be told but we should be told whether it is a serious risk, but I also know that if we are warned too often it becomes ignored
Should a risk be told to the patient when a solution isn’t available or should a patient always be told. Does it matter what type of device it is.

Question 3
Should patients be informed of how to keep their devices safe, cybersecurity, and how should they be told and informed for universal access

Question 4
Designating information that is actionable versus information for awareness. Distributing message to multiple audiences. Format and Frequency.

Question 5
Hard to reach populations, how to disseminate information to hard to reach populations with limited access to internet etc. What other orgs could help and who is responsible


As an end user - how do I tell intermittently failing sensors or intermittent failures to deliver or firmware changes that negatively affect interoperability, from an actual cyberattack on my device?

Lol, Marie20. Your documentation is very, very good! Excellent work.

@Tim12, I’m still working my way through it. I’ll let you know if they touch on this at all.
People only lightly brush up against the topic of engineering failures and concerns accompanying proprietary software. More or less, they are saying that they have no mechanisms to deal with or detect cyberattack. Kinda touched on 3:35:00. You should hear the concerns of the woman who talks about her implanted cardiac device. Holy cow, it's bad.


Thank-you, @mohe0001, for promoting this link to this FDA cyber-security forum. I have to admit that the 7 hour duration initially discouraged me from opening and viewing this video. But, @Marie20’s helpful index of speakers and topics caught my eye.

I saw that Ben West was one of the people interviewed by the FDA committee. Ben West, starting in about 2009, as a person wearing a Medtronic pump, decided to personally investigate how his pump worked and to what extent that its radio communications might increase his risk from any random bad actor.

At that time Ben West tried to get the help of Medtronic to understand the technical nature of his pump including software, firmware and radio frequency details. Med-T, as expected, told him that that info was proprietary and would not share details. When he inquired with the FDA about info that Med-T shared with the agency and sought to access that info, the FDA said that it could not share as it violated copyright law.

In response to those two dead-ends, he did not give up. He started the long and laborious work of discovering for himself using reverse engineering techniques to figure out how his Medtronic Minimed pump worked. This took him five years to figure out! None of the DIY systems in use today would have been possible without this ground-breaking work.

His fundamental work proved crucial to others who went on to develop Loop and OpenAPS. The importance of his effort and willingness to share in an open manner has directly and immeasurably improved my health and the health of thousands of others.

His action also fired a shot over the bow of the proprietary bias of medical device manufacturers that the competent and engaged patient had arrived and now had taken a place “at the table” where decisions regarding our health are made. He and others inspired the founding of the #WeAreNotWaiting movement.

Interesting that Jay Radcliffe also presented. He was the white hat or good guy hacker who grabbed headlines several years ago at a hackers’ conference where he demonstrated that he could remotely take over an insulin pump and maliciously abuse it. The shallow click-bait media headline writers loved reporting his story!

One sentiment that Jay Radcliffe expressed impressed me. He said that he found that Medtronic, back in the day, put little resource or protection into cybersecurity but put a ton of resources into protecting their business and proprietary interests. This, to me, reflects perfectly on the values of companies like Med-T. Their devotion to the bottom-line trumps the interest of the patient in transparency and owning their own data.

This is a wide-ranging topic and I could go on and on. Catina O’Leary of Health Literacy Media presented this slide which sums up best this whole issue of cybersecurity versus patient care.


Hour 3: He talks about the MT issue from this year (aka this decade).


Most every morning when I come into work this past week and sit at my desk, my Dexcom G6 receiver stops working. 20 minutes later it is vibrating and showing “Signal Loss”. I get up and go outside and it is working again a couple minutes later.

How do I know this is “just interference” and not the result of someone trying to hack my Dexcom?

I’m actually an IT professional and work with IT security guys all the time. BUT this is not McAfee nor Cisco and they don’t know the next step either.

I get that too. It's the flaky bluetooth, right? I sorta hate the G6. Am I wrong to hate it? If hate is a little strong, I certainly dislike it. I dislike you, Dexcom G6.


I love my G6, but then I don’t have the prior G’s to compare to!

But I hardly ever lose the signal unless I’ve left it at the other side of the house!


Why does anybody suppose that me and @Tim12 have so many issues, but Marie20 doesn’t? My signal drops, even if the device is right next to me, and I cover over with a blanket. I get lots and lots of overnight alarms from broken communications. Generally Dexcom app is more reliable than the communication between Loop and Dexcom (I think I can fix this), so I figured that the problem stemmed from there. But, I don't think that Tim12 is running Loop. Any ideas?


It seems very likely I lose the connection at my office because of being just a few feet away from my office’s WiFi base antenna (which uses the same frequency 2.4GHz band as bluetooth used by DexCom and is a lot more powerful). I just get up and walk around every 20 minutes and the Dexcom reconnects at least for a while.

But that said, how do I differentiate random lossage from interference like this, from actual intentional hacking of my device by hackers, which undoubtedly would begin with some form of Bluetooth connection hijacking with the same symptoms I’m seeing?

BTW, here’s some infographics about why bluetooth and WiFi and microwaves all use 2.4GHz:

Just an unscientific observation concerning the new G6 8Gxxxx transmitters - with the older transmitters if I had my phone (I use the Dexcom app - Galaxy S9+) in my rear left pocket and the sensor was located near my right groin I would lose Bluetooth connectivity when I was walking outside (there’s a lot on the net about weaker Bluetooth performance outdoors vs indoors), if the phone and transmitter were both on the same side then it was no issue (never an issue indoors). That being said with the new 8Gxxxx 2 sensors so far, this has not occurred walking in the same areas. I think it has been mentioned that the new gen transmitter has better Bluetooth connectivity - seems to be the case (at least for me).

This is weird! When at home I can be in the shower with it 20 feet away and not lose connection. But that is the reader. My iphone usually stays in the LV and I am 40-50 feet away? So I expect my phone does because of the distance, but I carry my reader in my pocket on me at almost all times. iphone and reader are only about 3 feet away at bedtime.

But even out and about I just don’t lose connection on my phone or the reader. I do when a sensor is going and that usually is around day 26ish for me. I had thought that was a sign it was going until I decided to leave one on and the next day it was fine and it went to around 32 days before the readings got wonky.

But I only remember getting an alarm for lost signal once at bedtime? So I am wondering if this is a sensor thing? Do the people that easily wear it longer, are they the ones that don’t lose a signal? And maybe it’s the iffiness of the sensor not working as well in the first place that determines signal losses?

The other option is where you live. I live in an area we don’t have hardly anything other than residential around us. So maybe the interference just isn’t there? I believe even our small towns don’t have all the gadgetry in businesses, and we don’t have a lot of business buildings that might be loaded down with electronics either.

I saw this in @Tim12’s link from Wired

“A band of frequencies clustered around 2.4 GHz has been designated, along with a handful of others, as the Industrial, Scientific, and Medical radio bands.”

Is this the band where our medical devices are operating? I assume that means they are less susceptible to interference from the public 2.4 GHz bands? I don’t know, but seems the FCC would make this designation for a reason.


Thanks so much for posting this. Do you know what year it is? 2016?

September 10th 2019 I’m pretty sure, that is what flashes on at the onset.


Tim12, Could you try for a G4 with share. That's the same frequency, but I think it would be better because it's old fashioned RF. Do you? How much better? Enough to be significant? I believe I’ve seen RF interference on the older device, but it was super duper rare.

Thanks, d’oh!

This patient engagement meeting is fascinating on many levels. I like Ben West’s call for vendors to allow researchers (folks with diabetes and the tech know how) to take a look at the code before it’s marketed to help detect and iron out security vulnerabilities and other issues with the code. A mechanism to improve the product and also help the FDA with their oversight. Hmmm. So what happens next?