Securing Automated Insulin Delivery Systems: A Review of Security Threats and Protective Strategies

Yuchen Niu, Siew-Kei Lam

TL;DR

This paper provides a comprehensive survey of security threats and protective strategies for Automated Insulin Delivery (AID) systems, a key safety-critical medical wearable. Using a hybrid approach that combines survey and PRISMA-based systematic review, it maps attack vectors across confidentiality, integrity, and availability, and reviews defense mechanisms spanning protected communication, IDS, and control-strategy assessment. It highlights regulatory gaps, real-world vulnerabilities, and the need for lightweight, adaptive defenses suitable for resource-constrained wearables, illustrated with open testbeds and datasets. The authors propose a multi-layer security framework and outline open challenges, emphasizing standardization, trustworthy defenses, and patient-specific modelling to enable robust, real-time cyber-physical protection of AID systems with meaningful clinical impact.

Abstract

Automated Insulin Delivery (AID) systems represent a significant advancement in diabetes care and wearable physiological closed-loop control technologies, integrating continuous glucose monitoring, control algorithms, and insulin pumps to improve blood glucose level control and reduce the burden of patient self-management. However, their increasing dependence on wireless communication and automatic control introduces security risks that may compromise patient privacy or result in life-threatening treatment errors. This paper presents a comprehensive survey of the AID system security landscape, covering technical vulnerabilities, regulatory frameworks, and commercial security measures. In addition, we conduct a systematic review of attack vectors and defence mechanisms proposed in the literature, following the PRISMA framework. Our findings highlight critical gaps, including the lack of specific security evaluation frameworks, insufficient protections in real-world deployments, and the need for comprehensive, lightweight, and adaptive defence mechanisms. We further investigate available research resources and outline open research challenges and future directions to guide the development of more secure and reliable AID systems. By focusing on AID systems, this review offers a representative case study for examining and improving the cybersecurity of safety-critical medical wearable systems.

Paper Structure

This paper contains 53 sections, 5 figures, 9 tables.

Figures (5)

  • Figure 1: Overview of the paper.
  • Figure 2: Taxonomy of security threats and defence strategies in AID systems.
  • Figure 3: PRISMA diagram for the screening process.
  • Figure 4: Publication trend of attack and defence literature.
  • Figure 5: An overview of a hybrid closed-loop insulin delivery system, illustrating core components, workflow, and potential functional vulnerabilities. Dotted lines indicate wireless communication links between modules, while solid lines represent direct attachments to the patient’s body or integrated elements (adapted from [80]).