It's not the FDA. The FDA just cares that you have a process, have thought about the risks, and are following your process. It's lawyers and culture that are preventing progress. The open-source diabetes community has had mostly-positive interactions with the FDA and we have gotten most of our needs met by scheduling meetings with the committees and discussing the testing processes that we use. Now Tidepool, a non-profit type-1 diabetes data/research tool vendor is taking up more of the torch there and they're getting a version of Loop, one of the big open-source artificial pancreases, approved by the FDA.

The Medtronic devices mentioned didn't do much other than require a serial (in plain text) number to be present in a handshake. Ben West put a ton of work into making the RF comms usable and working with the FDA to establish what the legal limits were. The results are here here. He dropped out of the community several years ago to make Dexcom (a continuous glucose monitor manufacturer) play nicer with the diabetes community from the inside. I'm seeing all sorts of ripples of that in the products coming through the pipeline, but now it's through cooperation with pump manufacturers and Tidepool to actually innovate in an area that has long been stagnant.

Disclaimer: I was under a contract to write the Tandem T:Slim insulin pump drivers for Tidepool.

For some additional background the community has also recently reverse-engineered the currently-on-the-market Omnipod RF commands. They have a similar vulnerability surface as the Medtronic pumps, but they are a direct competitor to Medtronic. By taking the "high ground" here and publishing an advisory for decades-old insulin pumps they can push to get *their competitors'* pumps pulled off the market for cybersecurity problems before their popularity increases too much and increases the "domestic pressure" that Medtronic talked about during their last quarterly call.

This is a straight-up attack on patients to protect their monopoly, just like when they collaborated with the big insurance companies to drop coverage for out-of-warranty pumps by their competitors a couple years ago and it was met with a great deal of patient push-back.

The used insulin pump market is interfering with new pump sales for Medtronic right now because the open-source community has developed their own closed-loop artificial pancreas software and it works a lit better than what Medtronic is offering so I suspect they pushed for this advisory. There is a new class of "connected interoperable pumps" being released by their competitors that will communicate with open-source software (Tidepool Loop) that has been FDA type certified and they're spreading some FUD to deal with actual market competition for the first time in decades. The pumps listed as vulnerable are *old*, most of them 10 years gone from the market. Yes it's insecure, but there are many more patients benefiting from this than are being harmed by it. I know that I sleep well essentially every night now and that definitely wasn't true before we developed OpenAPS. If you're a type-1 patient reading this and want to know how you can make use of that old insulin pump in the closet go and read this: https://openaps.readthedocs.io...