Insulin Pump Involved in Data Breach

“Be careful about reading health books. You may die of a misprint.”
— Mark Twain

Top Story

Data breaches are already tough enough. Unfortunately, sometimes actual medical devices are affected. When a device is affected, two things must happen: one, the devices need to be recalled, and two, the breach still needs to be handled; the information needs to be protected. Recently, a certain brand’s insulin pump was involved in a data breach. The breach affected almost 30,000 users.

Where the Breach Occurred
DiaTribe Learn reported a breach at Insulet, in January of 2023. Insulet is one of the major manufacturers of Omnipod insulin pumps. Almost 30,000 users of the Omnipod Dash pump had their data compromised.

The Information Involved
Insulet released information about the breach. According to the company, the breach occurred on January 5, 2023. Omnipod Dash users had their IP addresses and other personal information shared with third-party consultants. No financial information, email addresses, or social security numbers were involved.

The Investigation
The US Department of Health and Human Services is investigating this breach. The breach is connected to an FDA recall. The Omnipod DASH Personal Diabetes Manager (PDM) was recalled in November 2022. The recall was due to reports of battery leakages and overheating after extended use.

The Aftermath
Insulet released a letter to Omnipod DASH users. The letter states that all data tracking related to the breach on December 6, 2022, has been disabled. Disabling the tracking was able to stop the exposure of health-related information. The company is working with outside entities to resolve all outstanding issues. Insulet’s new insulin pump, the Omnipod 5, was approved by the FDA in 2022. None of these devices were affected by the recall or data breach.

Now that the pumps have been recalled, and no more information is getting disclosed, the data should be secure. Insulet is going to have to figure out how to prevent devices from being affected again. They will also have to make sure that no patients experience long-term harm from the data breach. How this breach progresses while Insulet is sorting it will be interesting to see.

Diamond of the Week

Gert-Jan Oskam 💎

After suffering from a spinal cord injury 12 years ago, Mr. Oskam underwent an experimental spinal implant. Today, he can walk and even climb stairs again! To find out more about his story click here.

Who’s the WOAT

Those traveling to Mexico for Procedures 😡

The second death has occurred from a fungal meningitis linked to undergoing a procedure in Matamoros, Mexico. It is not uncommon for people to travel to neighboring countries to undergo different procedures for a plethora of reasons. Recently, after having surgery under epidural anesthesia, individuals are developing this life threatening infection. To hear more about he situation, and the CDC’s warning see here.

Who Knew

The misconception: To comply with HIPAA you must use high-priced consultants.

Not True! Many consultants and providers claim that HIPAA is one of their areas of expertise, and that their systems are required or endorsed by the government. The federal government does not endorse any private consultants, seminars, materials, or systems. They also do not provide individuals with a HIPAA certification or certify any of products. There is no requirement under HIPAA to utilize these programs. That doesn’t mean that they are not beneficial to maintaining HIPAA compliance, but they are not required.

A Round of Applause For…

Greg Rakas, Head of Sales at Carosh👏

Greg recently signed Jonathan McLeod to Carosh’s VAR program. Congratulations Greg for signing this new client!