Mom! I Broke My Insulin Pump... Again!

I'm Jay Radcliffe i'm a senior security analyst for guardians going to be talking today about medical devices specifically medical devices dealing with diabetes insulin pumps glucose meter space to that major just a little thing before that when i walked in you know i noticed that they put me right next to the memorial party and you know part of me and i worked in the same place doing the same kind of things the phrase I use is we we played on the same flagrant he was a very brilliant technical person and we really didn't agree on a whole lot of things and that I thought was a good thing brought a lot of expected we had many arguments over

how we should go about doing fixing medical devices and somebody that the community is gonna surliness and makes me sad to see that he's done that so let's talk a little bit about how why I'm up here and how I got to be up here this is me at five taking apart whatever I could find and that's pretty much how I got started doing a lot of these things I've always been a kind of person to taste thing apart breaks them and usually doesn't put it back together I've got 23 years of computer security experience and administration at IBM and I previously ISS and now currently working within Guardians doing a lot of security district securities test test

day and hands-on stuff also been an SEC amateur radio operator since 1992 and that gives me a lot of perspective of a lot of hands-on experience with Hardware RF wireless things all that good stuff I have a bachelor's degree in criminal justice pre-law so that gets me in front of lawyers a lot which is awfully boring and i have my master's degree the second gineering as far as diabetes and application is concerned I've been a type 1 diabetic since my 22nd birthday I've been an insulin pump user from 12 years gives me a lot of experience to know exactly how these devices interact with human body and that's where talked about a lot you guys probably don't get

a lot of experience hands-on with these devices seeing what they do how do they connect to the body how do they interact with a human being and that's going to be a huge part of what this talk is about I've had the pleasure of wearing over seven medical devices in my diabetic career so because i'm a geek i select these devices i use them i experiment with them and we do all sorts of neat stuff and so that's what stuff as you guys see also two years ago I gave this small talk at black hat 2011 on breaking the humans gate system for fun and insulin where I showed that the Medtronic insulin pump has pretty much

no authentication I was able to suspend insulin delivery with that pump with my computer and remote McDonald which was kind of interesting we got a little bit of attention he said dumb Donald so we're going to talk about today we could see today I had a lot of devices Don is unpacking them right now I brought over 30 medical devices those stuff and diabetic related you know i'm going to talk for about a half hour and then you guys can come up we can poke at these devices look at up you can ask questions i'll actually test my blood sugar if you want coke myself with needles do all that kind of stuff the absolute of the

house meals blood everywhere how are these device talked about how these devices impact a patient right a lot of the time these technical talks go into what we can do with these technically but give you a little bit of understanding of why I have these things attached to my body and what happens when things go wrong I'm going to talk a little bit about how vendors are reacting to these issues as far as when I tell them there's something wrong with them how receptive they are to do those things I'm also going to show some funny videos and pictures so they want a little bit of facts about diabetes right there are over three billion type 1 diabetics in

the united states alone and there are over 80 people diagnosed every day with type 1 diabetes total 15 million dollars was 15 billion with Abby dollars was spent on health care costs for type 1 type eggs so there is a ton of money being spent a lot of it on devices it's not the medication as much as the hardware and the devices and the things that attach those devices that generate a lot of cost is patron there are over half a million insulin pumps you use worldwide and some of them are as old as 15 to 20 years so you have a lot of devices out of field there that could could contain a lot of mobilities motor

abilities that we've already published mounted vulnerabilities we don't know about this is really important okay there are two types of diabetics and for diabetic if you tell them they're one and there you're wrong it's kind of offensive so what type 1 diabetic produces no it's on whatsoever our pancreas is dead as far as that's concerned right this used to be called juvenile diabetes because it only happened to kids it's not just happening to kids huh now I was diagnosed 222 I've met people that were diagnosed in their 40 there's a test that they do that see if you're using aeneans let it all it's actually very easy very quick test a type 2 diabetic is really a big growth

area as far as health costs are concerned these are people that still produce insulin but they have problems usually insulin resistance and insulin production so you're not producing enough insulin or your insulin is malfunctioning in some way or you just below your pancreas out and it's just tight right so with the amount of obesity we have for a variety of other reasons this is has a huge spike and a lot of type 2 diabetics also use these devices as well so the devices will talk about today our users across all diabetics peers what is diabetes why why do I talk about so much well to understand what the implications of these medical devices are you have to

understand a little bit about this disease right and it basically boils down to a human SCADA system the liver produces fuel in the form of sugar and you also eat sugars carbohydrates so we have all this sugar coming in and to generate energy out of it to convert it to energy you need a special chemical called insulin this insulin is produced by the pancreas and it allows the body to use these sugars now in non-diabetics and even diabetic your blood sugar should be between 80 and 120 you might get to 144 you non-diabetics you go crazy max british chocolate place right but you're really going to kind of stay in that low 100 range diabetic diabetics

are way outside house what happens when a diabetic has really high blood sugar it is called paper glycemia which is too much and not a dozen story so let's say for example is getting part about 32 grams of carbohydrates and I just can't get myself in my sugar is going to rise about 200 points in about 45 minutes that varies by that diabetic but that's pretty much what's going to happen to me so if I'm perfect at 108 a Snickers bar and I get distracted to get myself down and so on an hour later I'm going to be well over 250 now is your turn what is that do I'm going to have a lot of

thirst an unquenchable thirst like I can't even describe how thurs do you get all I have to bring to get all the water and then I'm ready for another day on water right the reason that is is the sugar ease process to the kidneys you have excess sugar your body goes I need liquids to get through two kidneys you're also it affects the way the chemistry works in your body you start to get blurred vision you get headaches you have energy problems because your body can't use any of that sugar it's going to switch to burning effect which is very it greece's ketones it produces all kinds of different things that's a different form of burning energy

long-term we're talking kidney damage because you work the kiddies you know at well over one hundred fifty percent grab neuropathy you start to lose finger and toe sensation a lot of out-of-control diabetics will start to get things amputated their feet their legs their hands and you also get circulatory problems all parts of your body needs sugar to run so with it doesn't have sugar you get more capillaries and more capillaries and more capillaries and that causes a lot more problems with the entire circulatory party well that sucks this sucks more which is global issue called hypoglycemia a lot of times dye packs will just refer to it as tight going let's say you just stickers bar and I get myself twice game

is signing right just get myself insulin for a Snickers bar dynamic a team and I started a hundred questioners will just drop and drop and drop the drum and what happens is as my sugar drops below 70 my body says okay we're going to start shutting things down it will start with my fingers I'll start to shake I'll start to sweat I will start to everything will set her down to let's just keep the heart at the brain brain is no different than the thermium where you start to lose control of your body a little bit you lose coordination you have impaired mental judgment I had you have a primal urge to eat the only thing

people think about is who I need I need right now eat and I'm not going to stop eating till I feel better this is very similar to being drunk and people often get mistaken for being drunk when they are very low blood sugar which you have hyperglycemia it's untreated it can lead to death regard your brain running sugar if you don't have any you know there was a 10-year study that should somewhere between five to ten percent of all type 1 diabetics will die from hyperglycemia or head of the senior issues this shot when I researched this and fountains out that is a very very scary thing so my sugar could go love my freshman car my sugar could go low and

nobody could be there to help me I could go to a coma and if I way over shoot well that's it now thought that coffee abstain from being drunk in their low brain starts shutting down it's a very scary thinking act really weird guidance screen here his name is Alan he runs diabetic camp that I volunteer at and he is an ER physician with type 1 diabetes and he is rather legendary four hits high post this video is up him high point this guy is you know for religious reasons doesn't drink so I assure you that this is not him going on vendor but i will show you about 45 seconds of video here about what looks like for

diabetic to to my phone

[Music] that's a gel pack that you use to increase your sugar it's horrible tasting it's kind of hard to hear about it thank you he doesn't so he doesn't have pants on watering concern oh so it's kind of hard to hear but he gets really crazy he looks he looks like he's really has no idea what's going on and he really doesn't a lot of people who make hypo really bad like this when they get under 50 they have no memory of it they can't remember what happened it kind of I rather got it so obviously it's a pretty scary thing let's talk about the technology little bit so let's talk about glucose meters this is

probably something that you everybody see grandma has one or so but you know has one this is a small electronic system that uses disposable finger sticks to measure blood glucose levels what you end up doing is you poke your finger to get a drop of blood and put it on the stick and it tells where your blood Sugar's this has a wild tolerance for accuracy it's about plus or minus twenty percent which most I've ex are pretty pissed off but I think it's just a limitation of the chemistry in the in the fingers case now where the money comes from here is that the finger sticks are about 50 cents to a dollar apiece so if I have to test my sugar

five or six times day that's five or six dollars worth of test dress today so that gets really expensive really quick I just have to give the meters away for free because there's no money the strips they're bugging them now what we're starting to see now is a pigment pumps we're seeing bluetooth in the pumps the one here on the far right actually hooks up to your iPhone so you can take your blood sugar in astoria your iphone i have probably 15 different glucose meters here if you guys would look at oh yeah test that I even brought strip so if you're really curious you can test your own blood sugar and things like that the next generation of that

are called continuous glucose meters what this is it's a very fine wire that goes under the skin and measures the electrical value of your subcutaneous fluids and based upon those electrical values that it measures it can do some fancy back and tell you what your blood sugars are in real time so these things take sample every five seconds and you calibrate it a couple times a day and it will give you your blood sugar results a little page your leg place where you can actually see what it is a real time so instead of having five samples a day or two examples a day you can have thousands of samples a day these sensors are approved to wear for three to seven

days on your body most of them most 5x usually wear them for two weeks I took if we get about 20 days out of the sensor the longer you wear a sensor the more accurate it is just has to do with the calibration the little blighter gets angry your fluid system and some cool calm and whatnot this is a key component to the artificial pancreas project which is how to combine and make kind of a closing the self autonomous system that correct your luxury this is a huge component of it and I have got two samples for you guys to look at up here about how it attaches to you and then I have one

attached to my body right now that you're welcome to look at and I brought 192 probably insert myself so if you want to see that process we do that one all of these devices have wireless in it now right especially the glucose meter these these ones where this glucose sensors and they're all over the place of technology wise they have 900 megahertz once 400 megahertz ones 2.4 gigahertz ones and usually their proprietary communication methods so it's not using a standard protocols some stuff that they hold themselves I haven't seen one that's been improved again it transmits into clear usually transmitted something that's transmitted ID and on the electrical values and self the next generations these products

going to be using bluetooth LE and aunt their standardizing these because they want to piggyback on cell phones so that way they can do stuff with the dead isn't that a wonderful idea let's use our cell phones for everything they also were creating docs so you can plug the receiver into a dock and that they can transfer all this data to the cloud because who doesn't want their private personal medical data in time that's such a wonderful I feel so much safer having everything now the big prize for most diabetics is the insulin pump rather than give yourself multiple daily injections you protect up to an insulin pump and it delivers the insulin on a hermetic basis

for you it does this there an infusion set that attaches to your body with small plastic tube the FDA approves these for about three days so I wear this thing it's kind of a nine millimeter plastic to connection to my body and that's how they it gets the medicine gets into my system too important insulins here it's the same insulin but what's referred to as basal insulin and this is measured by the hour so i'll get x my and snow over the course of them are a bolus injection is done with the amount of insulin or carbohydrate so when I need 50 grams of carbohydrates I give myself x money these are kind of two examples of how

that works the guy that bar right here is the first insulin pump it was sighs backpack it's huge Brianna huge bad news now it is they're really tiny they're about this big they run on doble batteries which you'll see is a interesting little challenge when it comes to changing them an end to what can happen you change better this is the guts of the pump that I have the Adams pain it uses an msp430 it uses its very standardized advil serial flash so these boards are easily accessible once you take a part of device and you can poke around and look these type things and kind of view hardware hackers stuff holy grail all biotechnology is closing

the loop that's when you have the ctm Phoebe insulin pump data and the insolent couple thing for you you don't have to think anymore and it will react to what a blood sugar does so your blood sugar goes up it will give me more insulin your blood sugar goes down we can be less insulin just like your pancreas for lots of potential problems here one is what we don't use encryption with the sea champs so it pretty easy to spoof set together right no real time clocks so you're not going to prevent any brand replay attack know what that case you want so ever and there's no encryption so pretty much kappa paradise right we can do anything we want to the

sensor data we can make a closed loop its look home to whatever we learn we can also jam the sensor data these tiny little things around watch batteries for a year at a time so it's nano lots of transmitting power so if you show up with popular bill watch your hands better you can make you can she have all the sensors and nobody gets any data and that everybody has no sense of etiquette now reporting problems that device vendors have is a big issue right two years ago when i talked to medtronic they were not entirely open or ready for that conversation yet and the FDA recently since that time has gotten a lot better and a lot more involved in

this kind of getting that ball rolling they came out last month and said cybersecurity is going to be a criteria for rejection for medical device approval like before that they would look with the cyber stuff but they had no ability to reject a device on that so they found blaring security holes on it couldn't be a reason to reject the device they have changed that and now it is part of criteria so medical device to vendors hopefully we'll start reacting to that and being ready to have that conversation let's talk about that conversation let's see how this works in the real so I had an adverse experience with my animals pain I had a severe hypoglycemic

event in March I had sub 50 sugars about what am Loki up in a cold sweat I was like wow really really low like scary little like I'm going to pass out any minute out of Hygiene that's bad right didn't have to go to the hospital was able to correct it at home alone or at home but with you know standard eating procedures with what up but the next day I was like and so I'm just doesn't sit right with me like I don't do that at 1am to that severity level what happened so I go back I kind of do a root cause analysis and I pulled my history and did the math on paper right over boldest by

eight units quote haha oh my little bro's by eight units well i did a change before his bed and then I did some fullest after that because my sugar was high and that's what I had anything to do with changing the battery now I have a demo but I don't have a video camera so it's been really kind of hard to show this okay so I yeah I might do it after the talks over and show you guys exactly what happens but I have a slide on the next one here that shows exactly what I'm talking about so please get your diabetic or you know a diabetic don't play around with this it's very very dangerous I'm a professional

I consult with experts I do this hopefully not a lot but I do this is what happened before the battery change there's such statistics called insulin on board insulin on board is how much insulin is in my body and the insulin pump keeps track of that it's the last for about four hours so it degrades over time when I changed my battery the insulin pump through that information away it decided it was irrelevant so what my calculation was here I was supposed to get five units after the battery change if you look at it because it doesn't keep track of that evening a legend in this example now this is really scary because I depend upon this

device to calculate the correct amount of medicine to give me to give you an idea how significant this is a 16-2 over Bowl this for me is the difference between being perfect at 100 and being at negative 50 which is dead now technically I'll wake up and about 60 I'll start to feel it and I can correct it but let's say i don't i'm probably going to die in the situation because it too much insulin now i went and grabbed the other insulin pumps I had to see if this was just a standard feature and everybody did that and they govern it when they change their battery and this is the only pump on the market that does

this which is really surprising to me the battery change takes all the three seconds gun screw this thing pull battery up the new battery in there so i went to the FDA and I said hey I don't know if this is cyber security issue but it's a computer problem for sure what you guys want me to do with it and the FDA said wells computer base and it's move medically very dangerous so I want you to submit it to through the EMDR the electronic medical recording system so this empar is functional but it's not really designed for security things it's designed for people that have issues but you know trying to submit a computer bug or a

design flaw to it is it's not what it was intended for they also wanted me to fax it or mail to them manually which was a rather annoying because it's the FDA in government they were like this is embarrassing but if you fax it to us like no so we ended up getting to him now what happens after death like the FDA that's the submission to make sure that I'm not just some goofball doesn't know how to use my thumb then the vendor gets notified and they have 45 days to contact me it's like this very nice animist nurse called me to make sure I was okay at Sunday and I am and she was

like so I've heard a typo and there was this beautiful change and into you know really sorry about that were over Europe and I'm like that's great but what are you gonna do about it she's like what he mean she's like he to pay attention when you change a battery I said yeah but that's not a solution like what if your head a nine-year-old we've had an autistic kid but if able low functioning but if you have wii fit your mom when I for scared to death technology well it's safer this way simple safer how she goes it's just safer okay I don't like to ask like this so she has committed initially they were

really great their PR person called me as a call that aren t and her medical officer it was I was like wow this is impressive there to take this seriously yeah not so much first off the medical officer said we would like you to stop referring to this as a bug and we would like you to start referring to it as a design flaw because it's not okay so stop calling them okay thanks then they're like you should read emmanuel it's in the manual so yeah this is the manual you have two sentences one on page 72 and what I'm page 172 if you're 400 page book and they're like well you do we it's your fault go back well you

know I tend to go computer to you know I don't think that I'm you know your average everyday user if this fooled me and this got past me I think of that most of your patients are not going to remember this and they were like yeah well we have will keep that we have no intention facing as I live I just showed you twice and reported the FDA you will fill me with this bug and you just have to fix it like yeah but we take the real it's seriously like all of our customer's concerns and maybe in the next generation product will do something about that and they aggressively push that this was the safest design their

endocrinologist on the phone is like this is this is absolutely the safest thing to do I mean what is it that five seconds you gave yourself homo Jason I was like what I diabetic you have any idea how this product is used like I've been a diabetic for 14 years been on it sometimes for 13 years I can count on one thing I've got on one hand after a major blunder accident how many times I've into the junction manually he's like well we have to design it for those criteria I said what about the criteria that I just showed you because well yeah if you have anything else to add mr. ecko fine another life anyways if we

wanted to fix it we could we have to report to recognize it will take us years to get this past time which is total I all right you can patch medical devices without going to the FDA belt they had absolutely no jurisdiction area that a fact Abbott just came out with a patch for a glucose meter that they pushed out over the Internet within less than a month of getting reports that had a problem and it was a EDB tiny problem even considered with passion really but they felt that they needed to patch it and they get that by notifying all the users go to this website play in the USB port like a new firmware done so the FDA

is not an excuse for that now I got lots of diabetic stuff up here some of its are taking part I want you guys to come up and look at it you can ask me questions I've got insulin pumps ETFs I can uh take off my shirt I just show you how to tackle scary here right I'll show you how to catch any human body blackpool questions all that stuff first thing I think you guys should do is thank all the volunteers at bsides they do an absolutely wonderful job putting this event on it's been nothing but flexible experience so make sure they thanked them and thank the people that run this this is my contact

information if you're too shy come up and ask me questions here or all week feel free to shoot me an email or can hang up on Twitter or send me a telegram or our biggest event at the fastest be tough we move over figure it out them so thank you very much I appreciate you coming we've got it how much time we got left how much time this [Music] oh the patching process for the enemas come i'm ninety percent certain that they hard coded the firmware [Music] it's got an infrared port so I think theoretically you could patch it through that but i'm ninety-five percent certain that they have absolutely other than detached with us so maybe a folded

Viceroy hall which would be like expensive so I don't think they're going to do that but I'm kind of go to war with a little bit here in a couple hours they were supposed to send a PR person to do a press conference with me in black hat in two hours conveniently on Friday they had a traveler conflict and they will not be attending planet atmosphere so so we'll just have to run alone the other questions yes I have done some fussing over that pretty much though it's when it's an open protocol that's pretty easy to reverse you can do so much more dangerous stuff when they're not doing any crimping or anything like that that

you know it's pretty pretty damaging you get the fuzzy when you do that weird stuff but I mean you just tell it to turn off yeah so fingers have been responsive FDA has been responsive how do you see us getting better and Getti more an action support so the question is how do I see us getting better you know that's tough the same thing is i think that the fastest way to get to that process would be for somebody to die of something like this because the FDA can't do anything about it until that happens and then the legal liability is patent so that Hankins and that's really what drives the world you know these devices are so hard to get a

hold of the only reason that I have to dive back devices so much that access to it insulin pumps or six thousand dollars you need a prescription even get one so you know that the hardware hacking community can't go to target by five every blow up in tell you how bad they are there's only a handful of us doing that type of thing one of them gone now so I don't know we're really done you know I I'm hoping that we can get together as a community and push this issue hard you know what I'm hoping to do that and I'm reaching out to people to do that type of thing but it's something we're gonna have to do as a

community I can't I can't you know not a single individual commute take a thing you know we have to push as a community to show these are dangerous things you can't just blow them off you have to listen to us and uh you know that's that's really what about that's crying them I'm deaf I'm trying to push that's why I'm showing you guys as much as I get you the red bag

hi great question you can so

yeah so one of the problems is that when you die your body chemistry changes significantly one of the things that they did in that 10-year study was and they put it somewhere between five and twenty percent actually it does because of a proscenium so you can't test blood sugar after death look like those all walking in chemistry or as you can't do it so for those of you looking for a stealthy mechanism low blood sugar is a pretty good way because you just can't test them so it's really really hard to do like was it the insulin pump did you overdose you can guess you can speculate on it based upon some sort of stantial

things as you can you can't you can't nail it down for sure I'm wearing when I'm sure yes do any of the Animus people you've been talking to why actually used in the product I've no idea none of the people that were on that call the head of R&D the endocrinologist the PR person not an appetite ones so my suggestion is you can actually get to sit down anyone who works there company just their product take a laptop in the meeting I line all the security problems in saying I'm gonna hit this button on a gamble yeah maybe that's strategy to do it that's only a fickle it was the lawyer who happens to have it for the company

that's this possible yeah where's our peoples correct yes like monkeys it's way more yeah I would love to get my hands on some you do you most hey you want to ask that in the nice letters for that they don't give it to me understand I tell them I'm only going to use them for good or glass Mourinho anything I look on ebay there's some so like other ways to get devices big friends meeting local coroner's office then full of devices out of bodies before they before they buried them to cremate them so if you make your home very Frankenstein right and yeah it's uh it's creepy but you know some of those sides so those

things you have to do to get some of those things so the ice and pacemakers up here that i bought on ebay to mux piece their demos they have dead batteries in them but the guts are all in it so I got those these devices are also able to purchase on ebay because you need a license or prescription to find them so when they show up on ebay in there short periods of time trying to get pulled so that you have to go and me like a black market grey market that's the lie steal or essentially to get into that field hardware hacking so you kind of have to cover up your sources to find

out you know how you got your hands on these devices and how you got your you know how you get your research subjects yes sir to get better getting its columns with having access to my students invention everyone frustration sure the FDA is actually a lot of buzzing products go downtown to do some or most testing that kind of goes along their cyber security initiative so we'll see if they get better but you got to remember these things are so long term like what their engineering now isn't going to come out for three or four or five years so that it actually accurately evaluate their security I'm going to have to wait for four or five years to see what those

products are like before I can say this even more stalling unless I first a patch which most men don't like spiders can't have you the whole mind

yeah yeah what do you repeat again yeah the insurance company stuff here they're making lots and lots of time sometimes none on this well they they buy the device they they broke her through the device and the amount of co-pays that they're paying like to show them that they're losing money on this because it's such a small population they're like its infant is mo word we are swimming in our pools of money you're telling it up bigger essentially tell me almost got lot of bugs yeah it's possible you know trying to try and to try to get them to do that I haven't I haven't had any success approaching them you sir you a question partner has we're

soft one so following application you can see much of a choice in the Senate products are it's critical insurance captain says eight the most insurance companies lock you into something they have a contract in agreement with medical device whether so it's like for example you could pick there's like seven good insulin pumps on the market but they might have already made deal with medtronic Grannis your OmniPod to say this is the one that you're going to get unless you want to pay for it yourself so I think that's experian go ahead but for example my insurance company prefers me to use freestyle meters so I have to fight pretty car to get them to cover any

other type of meter so yes they don't have a lot of choice if you have an awesome trans company believe whatever you want that present awesome there was a Eunice so you mentioned that they pushed back with you saying that you know it might not be able to patch this system I never said that I just said that the FDA wait eight years I've gotta brag about it so one of the things to really push these vendors to incorporate new changes rather than us voicing as a community to the vendors directly saying hey you guys should do this we should be voicing our concerns to the FDA and say hey you know as a part of the approval

process for these devices you should probably also consider that these devices should it will be yeah hi confusion the FDA is pretty powerless Masseria yeah so when they go through the device approval they might get four days with this device from a software perspective to look at this and previously previous to Janet previous to June if they found anything they could objective so like I I've been to the FDA I talked to the executive director who's in charge of this part of testing he's like it's it's a car and as soon as the device is approved they go power so somethings about post-approval let like legally from a legal perspective they can't they can't hold it a vice they

can't make them hatch making recommended things to do but they have they have absolutely no light only in the approval process too damned light so if you're hoping for the FDA to come and save your devices that Calgary's not coming okay yes are you

[Music] perhaps I think three days ago replacement oh no its you just move it around so I've got nice love handles here and I attach them and I rotate them through these love handles to give myself the incident the three day mark is where you start to see infection so that's why we try and change them every three days and then you rotate pretty heavily to love that area of your body and feel as a human ambition to be those types of things you certainly I understand the update early dinner power because they're just gyrating congressional block travels a lot members of Congress respect there are two that ordered a TA Oh investigation after what i did in 2011 senator mark ii

representative mark ii now senator mark ii from Massachusetts and there's a female senator from California in Silicon Valley that I can never remember being su maybe senator boxer points no maybe it's a representative them because I remember her name but they order the investigation they're pretty pretty tuned into that being the Silicon Valley and it's by person to die about the guy Massachusetts is Republican there's your power to treat you yeah I don't know if you've noticed but when Congress kingdom yeah you think they're in a bigger encirclement they came before they came to figure out how they're going to spend their trillions of dollars or figure out what the heck is going on with anything

so oh yeah it could again my hopes for that or yeah I mean it's possible like I said I think if the community is not enough they might do something about it but I think you already the back house giving you from her you are the best

there are a few models in horribleness every country has its own a brutal process so it has it's super expensive to go through that because you have to do it not just for the European Union be endued with every single country and they fast correct things so much faster I don't even think they're looking at any software computer issues they're like it delivers medicine is the medicine safe doesn't do a good job cool improved and that process even that process takes years so now we are question when I can QPS most of the follow up from the FDA essentially being useless and Congress likewise being useless going three marked up in this I assume the goal here as well as

with this specific bug is to get a lot of press on this so effectively you have people deal with this product the harness our insurance company saying we don't want to use this we've seen what can happen you know negotiated you do my boldness isn't true it's not directing the consumerism because i don't think that dive dive excellent remember even though there's a lot of us very very anonymous okay and we're so busy trying to make sure we don't screw up our own insulin that you know we're pretty pretty busy and I don't think that the consumers having power consumer tech no power they don't you think this is this is the antithesis of free money maker right

somebody else is using the product story you get them you don't you guys with that's it and if you can play about it to them because I've already done that and it doesn't do anything the regulators are where it's at I think the people that purchased the devices harbor it's a total hospital should be doing tests on their security devices we could be doing a better job as a community and making those issues heard at the correctional level to get their attention so that way they're in tune with what's going on because really nobody's in tune with this so yeah it's definitely about getting visibility that's a what and we're still working on that yes on this influence chain in

Kirkuk what I going to talk about Harlan what's a good research like this figure out how to use lobby think tanks hearts and minds PR campaigns legal journals regulator employee hacking a lobbying group level as what we need right so if I'm like this chart crap the conversation come on yeah absolutely he is right there to talk tomorrow 11-1130 they'll be talking about how do we how do we make change we have this we do this a lot but what's the next step how do we take this and make big move forward in some folks just a very twice yes it's true same regulations yeah yeah every piece of medical equipment in the hospital is under the

same in those previous to the site that working along definitely status there are there are a few pumps that only use wet or nice known for channel where is they get their signals to technology morphine you to patients then we the windows in the opportunity don't even working Tracy

they have vendors have controllers that link it with Ava device to the FDA and then they can test it but then they get it back so they don't have like a there's no Library of Congress without devices for me to go in and swipe from mr. bolting one more question and you guys can come look at this stuff and okay I can barely hear you sir

yeah the end of endocrinology you know it depends on which one so I'm died about when I got a pneumatic monologist total what I did really a kind of said something he's like hey you probably saw this article at like 12 hours ago Rick it's got a big problem and then tronic bug you don't even odd that said yeah that's me it's like no it's not yeah it's me because really see a dozen you get a drink anymore I said yeah it was good he goes if there's any have you to have you I look so there are some other colleges that are online with that their southern colleges like dirt a lot of them kids about iphone 11-1 actually

meant ronix done great things in the past few years but it took me having to pull their pants off in public but they have gotten them a new c-level executive that takes security that's all about security and privacy all their devices have changed I actually spent a lot of time talking with them they get it now play again it took a lot to get them to understand that and now I'm right back at square one new vendor we're perfect we don't have to catch me it just reminds me of all the stuff that we did with Microsoft you know where they're like no we're going to were going to suit you you can't talk and they've turned around and now they

are very responsible nobody works for mr. your caramel thank you guys for coming you guys want to come out to look at these things feel free [Applause]