Buggy app for insulin-delivery device puts diabetes patients at risk of hypoglycemia

No fix available yet for over 100,000 Omnipod 5 customers

by · The Register

The maker of the Omnipod 5 insulin-delivery system is warning customers that its controller device isn't registering decimal points in every case, potentially leading to dangerous doses being administered.

Insulet says it received two reports of "adverse events" directly related to the issue, without detailing exactly what these were. It has written to customers to highlight that delivery of the wrong dose can lead to "severe hypoglycemia." The company is developing a fix, although it is not yet available.

The issue stems from the way decimal places are handled in the controller's bolus calculator – a tool for determining the correct insulin dosage alongside eating a meal.

For example, if a user eats a meal with 30 grams of carbohydrates, the app will determine how much insulin is required to be administered alongside it based on a real-time reading of the user's current glucose levels.

In the example outlined in Insulet's urgent field safety notification, eating a meal with 30g of carbohydrates and a current glucose level of 6.7 mmol/L would require an additional dose of 0.3 units of insulin.

If the user entered the 0.3 value in a different way, such as .3 or .30 – any value without a zero entered before the decimal point – the device would ignore the first decimal point and issue a dose for either three or 30 units respectively.

Insulet reminded users to always check the bolus amount before confirming the dosage and said the device is still safe to use. Users can cancel dosages during administration if they catch the error in time.

"We are working diligently to correct this issue and expect a software update as soon as possible," the company said. "We will inform you via email and update our website. Once available, the update will be pushed to your device. You will not lose settings or history because of this update."

Omnipod 5 is available in the UK, Germany, and the US. The affected devices depend on the geographic location of the user. 

UK and Germany diabetic customers control the Omnipod 5 dosage using the Omnipod 5 Controller, a dedicated device loaded with the required software to control insulin delivery remotely.

US-based users have access to the same application but as an Android app, which according to the US-specific field safety notice posted by customers bemoaning the issues, all versions of the Android app are affected. Only the current version of the standalone Omnipod 5 Controller (1.2.0) is affected in Europe.

It appears from multiple reports that the issue isn't affecting some users, and some are only able to recreate it by following specific steps.

Customers on the Omnipod Reddit community have reported varying experiences. Some have said that as far back as three months ago the app would, at times, remove the leading zero when manually entering values to the bolus calculator.

Others have said they can't reproduce the issue at all, with every attempt to type a decimal point failing until a zero is typed first.

"Unfortunately often when developing software and services, many focus on testing for legitimate use cases to ensure that the feature is working correctly," Sean Wright, head of application security at Featurespace, told the The Register.

"However, many forget to test different scenarios where behavior is not normal, such as inputting invalid data into the system. Missing these test cases can have a severe and negative impact ranging from things such as security vulnerabilities to disasters. 

"While it's unlikely to be able to cover all possible scenarios, it is important for development teams to try think of as many as possible and include them in their numerous tests."

According to an earnings call earlier this year, Insulet CEO Jim Hollingshead said the Omnipod 5 has more than 100,000 customers out of the company's entire customer base of around 360,000 people.

Recent press material has also said following its first European launches this summer – the UK in June and Germany in August – Insulet plans to roll out Omnipod 5 to more European countries starting in 2024.

A spokesperson at Insulet told The Register: "The health and safety of our customers is our number one priority. As such, Insulet issued a voluntary Medical Device Correction for the Omnipod 5 App on compatible Android Smartphones in the United States and the Omnipod 5 Controller in the United Kingdom and Germany, related to the bolus calculator.

"We have informed all impacted users of the affected app and devices and provided instructions on how to avoid the risk of errors related to bolus delivery. It is safe for users to continue using the Omnipod 5 Automated Insulin Delivery System." ®

AstraZeneca bets $247M AI can create a cancer-fighting antibodyStartup Absci will turn to its generative AI algorithms to design synthetic proteinKatyanna Quach, 04 Dec 2023Boehringer Ingelheim swaps lab coats for AI algorithms in search for new drugsMixing IBM's foundation models and proprietary data to discover novel antibodiesRichard Speed, 01 Dec 2023Regulator says stranger entered hospital, treated a patient, took a document ... then vanishedScottish health group to tweak security checks, access authorization to avoid a repeatPaul Kunert, 01 Dec 2023UnitedHealthcare's broken AI denied seniors' medical claims, lawsuit allegesPost-acute care algorithm allegedly comes up short 90% of the timeThomas Claburn, 15 Nov 2023