Industry: Healthcare and Life Sciences
Solution Type: Risk and Compliance Management
Needs: Insulet needed to prepare a medical device system for review for DTSec certification. We conducted an end-to-end security assessment of the device and its drug platform management system.

“We are highly supportive of DTS’ efforts in pushing commercial best practice guidance for cybersecurity in the connected medical device systems space. We are committed to remaining at the forefront of best-in-class standards for security to ensure patient safety and privacy.”
- Dr. Aiman Abdel-Malek, Executive Vice President and Chief Technology Officer at Insulet Corporation.

“Certification per the DTSec Standard demonstrates a commitment to cybersecurity by the manufacturer of this connected wireless insulin pump system. The Omnipod® DASH™ System is part of the Internet of Medical Things and is the first insulin pump system to be DTSec-certified. Diabetes Technology Society commends Insulet Corporation’s dedication to improved safety and security demonstrated by achieving this important milestone.”
- Dr. David Klonoff, Clinical Professor of Medicine at UCSF and Chair of the DTSec steering committee

With the proliferation of Internet-enabled medical devices, TUV Rheinland OpenSky sought the opportunity to pursue testing according to the Diabetes Technology Society’s “Standard for wireless Diabetes Device Security” cybersecurity assurance standard and program, known as DTSec. DTSec is the first consensus cybersecurity standard for connected diabetes devices with input from academia, industry, government, and clinical centers of excellence. Established by the Diabetes Technology Society in 2016, the goal of DTSec is to raise confidence in the security of connected medical devices through independent expert security evaluation.

One of the prerequisites for being a DTSec Accredited Lab was to show proper laboratory accreditations, which TUV Rheinland OpenSky was able to achieve. As a DTSec Accredited Lab, TUV Rheinland OpenSky’s credentials and experience stood out from other security companies. Our company had a clear edge to evaluate and test Insulet Corporation’s Omnipod® DASH™ Insulin Management System against DTSec Version 2.0.

The evaluation and testing provide confidence to users of connected diabetes devices that the products include the security protections claimed by their developers.

With TUV Rheinland OpenSky, Insulet had a partner with credibility in the medical device space. Our team does not just check the boxes during the evaluations. Our team works closely with organizations to establish testing best practices and identify the types of threats that need to be addressed in the final design and implementation phases of product development.

The practices at the TUV Rheinland OpenSky lab align with the Healthcare Information and Management Systems Society (HIMSS), the Medical Device Innovation, Safety & Security Consortium (MDISS), and ISO 15408, to meet the expectations of the Diabetes Technology Society.

At the end of the day
Through comprehensive risk assessment, threat modeling, application, and penetration testing, Insulet was able to do the following:
  • Protect their business medical device management system from cyber risks
  • Mitigate potential compromise and exploitation
  • Enhance device safety for end users
TUV Rheinland OpenSky had previously conducted a “deep dive” into Insulet's device and drug management system to help them develop a formal risk assessment and threat model that factors in the inherent risks and attack vectors unique to medical devices. This methodology was reviewed and supported in FDA workshops. One example of the categorical analysis was elevation-of-privilege attacks. Through previous testing and assurance, our testing team was able to satisfy the requirements of DTSec. Moreover, we also conducted intense end-to-end dynamic medical device, mobile and application security testing. The overall assessment and security testing supported Insulet in its successful preparation, submission and eventual achievement of the first DTSec certification for a medical device system.

Company Profile:

Insulet Corporation (NASDAQ: PODD) is an innovative medical device company dedicated to making the lives of people with diabetes and other conditions easier through the use of its Omnipod product platform. The Omnipod® Insulin Management System provides a unique alternative to traditional insulin delivery methods. With its simple, wearable design, the disposable Pod provides up to three days of non-stop insulin delivery, without the need to see or handle a needle. Insulet also leverages the unique design of its Pod by tailoring its Omnipod® technology platform for the delivery of non-insulin subcutaneous drugs across other therapeutic areas. Insulet was founded in 2000, and more than 150,000 users across the globe rely on its Omnipod® Insulin Management System to bring simplicity and freedom to their lives.
