Artificial Pancreas Implantables -- How Healthcare Professionals May Deal With DIY Bio Cases

TL;DR

This paper explores how healthcare professionals manage the intersection of regulated and DIY artificial pancreas systems, highlighting cybersecurity risks and legal uncertainties in clinical practice.

Contribution

It analyzes the challenges faced by clinicians when dealing with DIY bio cases and discusses the implications for cyberbiosecurity and regulatory frameworks.

Findings

DIY systems create legal and clinical uncertainties.

Reconfigured insulin systems pose cybersecurity risks.

Clinicians face new challenges in managing non-regulated devices.

Abstract

Automated insulin delivery (AID) and artificial pancreas systems increasingly serve as safety-critical cyber-physical technologies in clinical care, integrating sensors, algorithms, software, and insulin-delivery hardware to automate a life-sustaining therapy. While regulated commercial systems are supported by formal approval pathways, manufacturer governance, and post-market surveillance, clinicians are also encountering patients who rely on do-it-yourself (DIY) artificial pancreas systems that operate outside conventional regulatory and institutional control structures. This paper examines how routine clinical handling practices intersect with cyberbiosecurity risk across both regulated and DIY AID systems. When insulin delivery systems are fundamentally reconfigured into a bespoke AID system, with the patient-user becoming the primary threat vector by assuming manufacturer-level roles without mandated governance, the entire ecosystem of stakeholders is placed in legal and clinical uncertainty.