IEEE 2621.1-2022: Wireless Diabetes Device Security

A growing number of people with diabetes are turning to wireless diabetes devices to monitor and manage their condition in an automated fashion. As diabetes devices are increasingly connected wirelessly to each other and to data-displaying reader devices, they face more security threats. Assuring the security of wireless diabetes devices is essential for maintaining confidentiality, integrity, and availability of the data and commands. IEEE 2621.1-2022: IEEE Standard for Wireless Diabetes Device Security Assurance Evaluation: Connected Electronic Product Security Evaluation Programs defines a framework for a connected electronic product security evaluation program.
How Do Connected Diabetes Devices (CDDs) Work?
Currently designed connected diabetes devices (CDDs) include blood glucose monitors, continuous glucose monitors, insulin pumps, smart insulin injection pens, and automated insulin dosing systems. Data generated by a CDD is wirelessly transmitted to an app on a smartphone, smartwatch, or other device, or to a cloud platform. As interconnections and data exchanges increase among CDDs, smart devices, and networks via wireless protocols, there is an increased risk to the safety and privacy of the patient as well as to the integrity and availability of data shared with the healthcare professional.
Cybersecurity for Connected Diabetes Devices (CDDs)
Unauthorized agents and patients themselves can hack connected diabetes devices (CDDs) and consequently extract data that are not automatically provided by the product software. Hacking CDDs can compromise their function and their accurate flow of information. These threats put users of diabetes devices at risk of health complications. As such, a cybersecurity standard like IEEE 2621.1-2022, which is designed specifically for connected diabetes devices, helps improve the safety of these products and increase the confidence of users that the products will be secure.
What Is IEEE 2621.1?
IEEE 2621.1-2022 aims to help manufacturers of connected diabetes devices (CDDs) develop more secure and thereby safer products. It provides grounds for confidence to stakeholders—including patients and consumers—that a CDD meets its cybersecurity claims.
IEEE 2621.1-2022 is targeted to wireless diabetes devices and their components (e.g., operating systems, network stacks, apps). It specifies a framework for a connected electronic product security assurance evaluation program, with specific requirements and guidance relating to digital diabetes devices and solutions, such as insulin pumps. The standard has the following objectives:
- Provide for security evaluations of electronic products performed to high standards, including the ability to achieve protection and an overall contribution toward enhanced safety, privacy, and security for electronic product stakeholders, including product manufacturers, resellers, users, and administrators
- Improve the availability of connected electronic products that have been independently evaluated and certified to meet such standards
- Reduce the use of ad hoc, unreliable, and low security assurance connected electronic product development and evaluation methods that can increase risk to electronic product stakeholders
- Continuously improve the efficiency (cost and time) of the security evaluation and certification of connected electronic products
Why Is Secure Information Important for People with Diabetes?
Patients with diabetes have an extremely high need for secure information flow to display glucose information and deliver insulin dosing commands when sensor and actuator information is transmitted wirelessly through connected medical devices. Therefore, sound cybersecurity is needed for connected diabetes devices to maintain confidentiality, integrity, and availability of the data and commands.
IEEE 2621.1-2022: IEEE Standard for Wireless Diabetes Device Security Assurance Evaluation: Connected Electronic Product Security Evaluation Programs is available on the ANSI Webstore.