CGM Cybersecurity Assessment Dashboard

Review each criterion and determine the cybersecurity performance of your CGM.

Forward Writing

Criteria A
Forward Writing

Cybersecurity Vulnerability: Glucose data can be overwritten or altered during transmission to CGM reader (forward writing).

Risk to Patient: Inaccurate glucose values can lead to inappropriate treatment decisions in real time.

Evidence: Demonstrate that transmitted data does not match data stored locally on device.

Backward Writing

Criteria B
Backward Writing

Cybersecurity Vulnerability: Glucose data can be overwritten or altered locally on the device (backward writing).

Risk to Patient: Inaccurate glucose values can lead to inappropriate treatment decisions in real time or on retrospective data review.

Evidence: Demonstrate that the glucose data stored locally on the device is altered, by recording the data immediately before and after the attack.

Device Metadata

Criteria C
Device Metadata

Cybersecurity Vulnerability: Device information (serial number, device identifying information, or other) can be modified.

Risk to Patient: Alteration of device serial number or identifying information may be used to inform calibration settings. Changing them may lead to inaccurate CGM calibration and thus inaccurate glucose readings.

Evidence: Demonstrate a single device reporting different device information before and after simulated attack.

Privacy / Local Data

Criteria D
Privacy / Local Data

Cybersecurity Vulnerability: Unauthorized access to device (authorization given without authentication)

Risk to Patient: Breach of sensitive patient data.

Evidence: Demonstrate that data (glucose values, plain text, encrypted data, or other) stored on the local device can be read by an unauthenticated device.

Additional Scenario

Optional