Artificial Pancreas – DIYers used a security flaw to bypass the $8.3 billion insulin delivery business
The $250 DIY, non FDA approved, Biohack That’s Revolutionizing Life With Diabetes Type 1. and insulin delivery
When her daughter, Sydney, was diagnosed with Type 1 diabetes at age 8, Kate Farnsworth stopped sleeping through the night. She’d set the alarm for 3 a.m. so she or her husband, Dave, could prick the girl’s fingers and check her blood sugar. If the results were worrisome, they’d adjust her insulin and keep checking every 15 minutes. At 6 a.m., another alarm went off to signal the next insulin dose, but by then, Kate had usually snapped awake again already. When Sydney got home from school each afternoon, Kate was there to check her glucose level. “Diabetes is one of the only diseases where you’re sent a prescription and have to adjust the dosage on your own” forever, Kate says. For Sydney, the biggest worry was “how I wouldn’t ever be normal again.”
Two exhausting years in, Kate found the beginnings of an alternative in an online forum. A loose confederation of do-it-yourselfers were working on a system that would eventually help link an insulin pump to a glucose monitor and connect both to a smartphone app. The idea was that the wearer—or her parents—could track and adjust her blood sugar, in person or from afar. That would mean fewer pinpricks, and far fewer alarms, because her blood sugar would stay out of the danger zone. Most of the time, the contraption would be able to regulate the wearer’s insulin itself.
Two long years after that, Kate, a graphic artist in the Toronto suburbs, was able to follow the community’s step-by-step instructions and build her daughter what amounted to an artificial pancreas, the organ that regulates blood sugar. Suddenly, the Farnsworths could take a breath. Sydney, now 15, is still using an updated version of that DIY system, which, because a fellow DIYer donated the pump, cost only $250 to make. “I’m really happy with where I am now,” she says. “It’s so simple to just click a button and give insulin while I’m on my phone.” The app she uses, connected to a sensor under her skin, keeps monitoring her whether she’s sleeping, taking a math quiz, or doing jumps on her snowboard. “It has totally changed the way we manage diabetes,” Kate Farnsworth says.
Twenty years ago, internet utopians envisioned scientific innovation gradually becoming more open-source. Instead, most amateur “biohacking” has remained fringe-y and often focused on aesthetics—inserting lights under the skin as a fashion statement, for example. But like the prosthetic arm a teenager built himself out of Legos, the device keeping Sydney alive is a rare example of the idea working out, at least in microcosm. By some estimates, as many as 2,000 people around the world have used a home-built pancreas, cobbled together mostly via social media and the free-code clearinghouse GitHub. Tech support consists of parents and patients who use Facebook Messenger or email to help newcomers fix bugs or revive busted equipment. There are plenty of potential converts: In the U.S. alone, about 1.3 million people have Type 1 diabetes, and there are indications the technology could also help some sufferers of Type 2, the group that accounts for most of the world’s 422 million diabetes cases.
Although no users have reported a disastrous malfunction, trusting your life (or your child’s) to a DIY pancreas carries obvious risks. The U.S. Food and Drug Administration is years away from approving a comparably flexible and automated rig for sale. “You’ve got a group that is circumventing all of the controls that are in place,” says Hooman Hakami, president of the diabetes group at Medtronic Plc, the leader in the $8.3 billion market for old-school diabetes devices. “I can show you what a few of our engineers have put together over a weekend, and it would blow you away. But we don’t call that a finished product. We call that a prototype.”
So far, though, the rough-and-tumble version is way ahead of the market. Apple Inc. and Eli Lilly & Co. have hired DIYers, and Medtronic’s latest FDA-approved product can now do most of the things the Farnsworths’ system can—for $7,000, before insurance. It’s not hard to understand why diabetics and their loved ones might opt for the Farnsworth model, says Courtney Lias, who oversees chemistry and toxicology devices at the FDA’s Center for Devices and Radiological Health. “You can do everything on your phone except manage diabetes,” Lias says. “You should be able to do that, too.”
The DIY pancreas movement would never have happened if not for a Medtronic blunder. In 2011 a pair of security researchers alerted the public that the wireless radio frequency links in some of the company’s best-selling insulin pumps had been left open to hackers. Medtronic closed the loophole after the researchers warned of risks to patients, but it never recalled the devices, leaving thousands in circulation.
By then, Ben West, a programmer and diabetes patient in San Francisco, had decided to hack the pump. “This is not what I wanted,” he says. “This is all a last-ditch effort.” He says he’d been careful to use his existing pump as directed but still wound up in the hospital more than once when his blood sugar veered dangerously high or low. He despised needing to retreat to the corner of a party to prick his finger and test his blood sugar, and he couldn’t stand how his pump itched and came unstuck during yoga.
Working evenings, weekends, and vacations for five years, West reverse-engineered the pump’s communications code, making it possible to send the device instructions. During that time, a group of DIYers calling themselves Nightscout figured out how to relay data from glucose monitors to a smartphone or watch, so parents could monitor kids’ blood sugar levels remotely. Theirs were the instructions Kate Farnsworth followed to build a homemade wireless link for Sydney’s glucose monitor and do the coding needed to create a custom display for the Pebble, an early smartwatch. Kate could then watch Sydney’s blood sugar move on her watch in real time during the day, texting her daughter if she saw any irregularities. And Sydney could watch her blood sugar move without drawing attention to herself in class.
In June 2014, West met Seattle couple Dana Lewis and Scott Leibrand, who had written an algorithm that could suggest insulin doses. The next step, they decided, was to automate the insulin pump using software. The three traded ideas on GitHub and at the Twitter office where Leibrand worked. By December, Lewis, who has diabetes, had hooked up her new artificial pancreas. At first, she intended to use it only while she slept, but it left her so well-rested that she kept it on during the day. “It has constantly surpassed my expectations,” she says.
West, Lewis, and Leibrand posted their work in early 2015. It was intimidating for nonprogrammers such as Kate Farnsworth to try to replicate, but when DIY coder Nate Racklyeft created Loop, a more user-friendly version for the iPhone, Farnsworth decided to try it out. Yet another DIYer gave her an old, hackable Medtronic pump, which she connected to a glucose monitor and the app using a tiny Bluetooth-equipped computer called a RileyLink. It was designed by Minnesotan DIYer Pete Schwamb, whose daughter, Riley, has diabetes.
In 2016, with the components spread out on the desk in her home office, Farnsworth decided to test the system with water and without Sydney, by then 13, attached. She filled the pump and aimed its tube into a napkin, watching it spit out tiny jets of faux insulin as the app showed her daughter’s blood sugar rise and fall. “I could see the logic of it,” she says. After two days, she was satisfied everything worked properly, and on a weekend when the family had no other plans, they tried it out for real. “That was the first night I slept through the night in years,” she says.
Farnsworth set up a Facebook group called Looped to help other parents follow her lead. Today it has more than 4,000 members, and Farnsworth spends several hours a day answering messages from curious parents. “They know their kids the best,” she says, “and sometimes technology or medicine is slower and doesn’t know what we need as much as we do.” Loop volunteers have shipped about 2,000 RileyLinks, built by a Kentucky company that mostly makes parts for electric guitars, as far away as China and Sierra Leone.
Nightscout, the DIY group, has grown from five families in April 2014 to some 55,000 people in 33 countries. A European team recently created an app for Android phones and cracked the code in a popular pump from Roche Holding AG. About 50 people signed up for the Android system last month, says developer Milos Kozak.
On a warm weekend in late May, Kozak hosted about 20 DIYers from around Europe in Prague. Accustomed to conversing via Gitter, a chat platform for open-source coders, it was the first time many had met in person. The youngest of the group was 15-year-old Tebbe Ubben, who’d helped build his own artificial pancreas and had traveled by train from rural Germany. “If I can showcase something that results in a manufactured product changing, that’s exactly what I want,” says Jon Hudson, a U.K. software engineer who helped Ubben with his rig.
At least one big device maker has given up on the artificial pancreas. Johnson & Johnson shut down its project last year, saying it could no longer charge enough for its hardware to make further research and development worth its while. Despite shrinking profit margins, however, the DIY projects have helped stir industry interest by showing how much patients want the technology. Medtronic is working to better automate the $7,000 version that about 100,000 people are using. As is, it doesn’t customize blood sugar targets for individual patients and isn’t approved for young kids, whereas some parents are using the DIY system for toddlers.
Medtronic, which sells about $2 billion worth of diabetes devices a year, is among the companies that have come to regard the DIY community as allies. Company reps meet with DIYers regularly to help them better understand how new technologies such as fast-acting insulin will affect their system, says Ali Dianaty, who handles R&D in Medtronic’s intensive insulin management unit. Marie Schiller, who runs Eli Lilly’s two-year-old artificial pancreas project—and has used the Loop app for her own diabetes treatment—has invited hackers including West, Lewis, and Leibrand to talk to her developers. West has gone on to work for Eli Lilly partner DexCom Inc.
“We’re going to get to the point that anybody taking insulin will be on a connected system of sorts,” Schiller says. “We’ll have information flowing from various systems to help people manage the disease better than they’re managing today.”
For Sydney, that day has come. For the past two years, she’s been able to go on sleepovers without elaborate planning in advance. On roller coasters, the app automatically dials back her insulin to keep adrenaline from sending her blood sugar plummeting. On snowboarding trips, she tucks her RileyLink into the front pocket of her overalls, and the system hums along while she’s carving turns down the mountain. “I would never want to go back,” she says, “to the way it was before.”