More than 200 people with diabetes injured after software issue drained insulin pump batteries | CNN
edition.cnn.com
More than 200 people with diabetes have been injured when their insulin pumps shut down unexpectedly due to a problem with a connected mobile app, the US Food and Drug Administration said Wednesday.
"hello, I would like to inspect the firmware of the insulin pump/pacemaker/artificial heart that keeps me alive, can I have the copy of the source code?"
"no? it's proprietary? well golly! guess I'll trust ya in blind faith then!"
The problem is their insurance company may not give them another option in the American for-profit healthcare system.
Like I said. Blind faith it is.
Yes, that is true any time you are given no choice. But also an unhelpful blaming of the victim.
That's not even remotely the point I was trying to make.
Medical software should not be treated the same as any old random proprietary code.
Right now we just have to trust that "the car has airbags" because no-one is allowed to open it up and check.
That shouldn't need to be the person themselves, but that's the bare minimum of what a sane situation should allow.
Medical devices go through FDA testing and have had software engineers writing closed source code for 40 years. For the most part medical devices remain pretty safe.
And yet
Yes, mistakes will happen sometimes when there are billions of devices out there. And if you think just having code in the public will prevent future mistakes I have a bridge to sell ya.
I love how whenever you advocate for this kind of improvement, someone always feels the need to try and dismiss you because "it still won't mean the world is perfect".
You assume I'm under some delusion that if only enough people were allowed to check, every mistake would be caught every time.
I'm not.
And you're being rude about it.
Lol I just said it wasn't blind faith, that there was an effective agency and you started linking statistically irrelevant data. I never said it can't or shouldn't be improved simply that you were factually wrong. Devices go through considerable testing at multiple worldwide bodies and in general these programs are mostly effective at weeding out dangerous products.
Cool.
Unfortunately firmware-related problems especially is something regulatory bodies haven't kept up with. They'll test the device, sure. But not necessarily every line of code that might ever interact with it.
Overall they are operating under outdated levels of complexity while medical device manufacturers are running ahead with wireless functionality, mobile apps, over the air updates, etc.
It's not obvious to me how these things are related, could you elaborate?
they mean that the insurance would only approve one model. i don't think there are any open source pace makers though.
And this is why I will never work in biotech, finance or (especially) military software engineering
I don't want the risk of something I do causing direct harm to another person
I have only written potentially life-threatening code once in my life. It had to do with voltage/current regulation in the firmware of a high-powered instrument used by field workers at the company where I work. It was a white-knuckled week I spent on just a single page of code, checking and re-checking it countless times and unit testing it in every conceivable way I could imagine.
In the military, direct harm is the only goal. Not quite like the others.
I think I could get very nervous coding for the military, depending on what sort of application I was working on. If it were some sort of administrative database, that doesn't sound so bad. If it were a missile guidance system, on man! A single bug and there goes a village full of civilians. Even something without direct human casualties could be nerve-wracking. Like if it were your code which bricked a billion-dollar military satellite.
Speaking of missile guidance systems, I once met someone who worked a stint for a military contractor. He told me a story about a junior dev who discovered an egregious memory leak in a cruise missile's software. The senior dev then told him "Yeah, I know about that one. But the memory leak would take an hour before it brings the system down and the missile's maximum flight time is less than that, so no problem!" I think coding like that would just drive me into some OCD hell.
yeah. doing a bad job could even save lives. it would be a moral duty to screwup /s (yes I know that is not how it works)
That’s what I thought before but it doesn’t matter. In medical devices you need good programmers and there are a fuckton of rules and tests to make sure that devices are safe. It’s also very regulated and usually well planned.
Medical companies are the best for this because we’re all accountable directly or indirectly and we do our best. I know I would not work for another kind of coding job because they would all feel too random.
I know mistakes can happen, but it’s the best environment you can work in if you’re a developer. Also you learn a lot and are surrounded with good devs who will make you better.
Anyway, I’m not trying to convince you but we need people who doubt and could be careful. It’s not at every job but usually it’s: planning is good, overtime is not acceptable because it shows bad planning, tests are everywhere (all kinds of tests), merge requests are serious business (your merge request can sit for weeks before being integrated), doc is central and you have to be a part of it, etc.
Last but not least you can still find the PDF of the IEC 62304 which shows every step that should be made to write medical software, and it could make you a better developer even if you’re not working in that field.
Or aerospace
what about that kid on the front page of the new york times that bought a rose gold lambo and retired at 30.. he made a police scanner app.. no mention of how its been used to kill and rob and avoid getting caught. he's pictured in the article weilding a flame thrower standing in front of his car, no mention of ethics.
I'm not pro police by any metric, but cartels 100% use the app for murder and human trafficing, not a second thought, check out this 30 year old's lambo
TIL police scanners are one weird trick for free infinite murders!
Lol, what? More so than a firearm, that app is a tool. Scanners can be used to increase vigilance and engagement in a community, and to keep citizens informed about possibly very high stakes goings-on. In most places in the US, at least, it is your right to monitor any cleartext comms as long as you are not a convicted felon.
And when people are so excited about cybernetic implants I’m like “hell no, i know the firmware for that will go to the lowest bidder and I don’t want to willingly connect myself to that”
You might be forced to choose between that or not being able to get a job due to having to compete with other people who perform better due to cybernetic implants
"welcome to your first day at Amazon. When you clock in, your implants will take over and complete your duties. At the end of your shift your motor function authority will be returned"
"Due to a software glitch, you worked an extra 500 hours. You will not be compensated for this extra time as it was not mandatory or compulsory."
"you are responsible for your excrement, regardless of your nervous system control status. Your actions necessitated another cybernetic employee to clean the work area. You are encouraged to handle these matters when off Amazon property"
I hope the company is sued into oblivion. Cause this kind of lack of quality control and monitoring is unacceptable.
I hope not.
First: You can't avoid bugs. You simply can not.
Second: There aren't that many producers of good insulin pumps and the t:slim is a great device.
Yeah, it’s probably one of the best out there. I don’t love that with their newest pump it’s 100% phone controlled (literally no screen on the device) but there is no way in fuck I am ever trying a Medtronic pump again. Had one for a day because my insurance wouldn’t cover a new tandem pump. It was such a piece of shit
The fact that an app big drains the pump and no fail safes monitor for example the battery drain on the pump itself.. hey this pump is using more battery than it should.. battery will be flat in x hours.
Next time it will inject too much or too little insulin and then?
Avoiding bugs by doing proper QA and building in double and triple checks is the name of the game, not being faultless.
Yeah, I get the sentiment that you can't avoid bugs and I think to an extent they are inevitable at a certain point. But something like this is just negligence.
My company isn't medical or anything life threatening if something goes wrong, but a bug could cost someone a nice heap of money, in turn costing us a nice heap of money. So we have a rule to treat and test our software as if it were used in the medical industry. Although it seems like we should be aiming for a higher standard at this point.
Yeah, that was a failure. But wishing a company to be "sued into oblivion" is a tiny little bit overreacting, isn't it?
How about to just move on and get yourself a model from a different company, if you don't trust them anymore instead of assuming stuff.
Why is it an overreaction? The only language a company speaks is money. So the risk of not doing proper QA and safety precautions should be the shareholders losing their shirt.
Because if this is not the risk, the cost benefit analysis leans towards "fuck the lives of our customers".
If an individual caused this kind of harm to others through negligence they would never see the outside of a prison even again. So why does a group of individuals shielded behind a company get punished less? If the punishment is just a fine, it is not really a crime, is it?
And about moving on, I care about all the people that have one of these things or will get one in the future. The whole "Caveat Emptor" you seem to be preaching does not fly well with me as it exposes many vulnerable people to high risks.
So 214 people let the battery on their (USB Rechargeable) insulin pump die and reported it to the FDA…
Then again Tandem is kind of a shitty company. They based their algorithm in part on data from insulin pumps that had been returned to the manufacture for a software update. Without consent.
Switched from an industry standard luer-lock connector to a proprietary one after purchase. Then required all supply ordering to go through their own sales department and a single manufacturer.
Camped on the design for a small portable pump they patented back in 2012 until there was a viable competitor with innovative technology.
You know what… I think I have a phone call to make :-)