The Internet of Things has introduced security issues to hundreds of devices that previously were off-limits to hackers, turning innocuous appliances like refrigerators and toasters into gateways for data theft and spying. But most alarmingly, the Internet of Things has created a whole new set of security vulnerabilities with life-threatening risks. We're talking about the cars and, particularly, medical devices that are now in the sights of hackers—including drug infusion pumps, pacemakers, and other critical hospital equipment.

Now a California medical doctor is teaming up with technologists and patients to develop a new technical standard to secure insulin pumps used by diabetics. The standard, expected to be completed by July, could become a model to help secure other medical equipment in the future—especially because, in an unconventional move, the doctor is collaborating with patients who tinker with their own medical devices.

Dr. David Klonoff, an endocrinologist and medical director of the Diabetes Research Institute at the Mills-Peninsula Health Services facility, became concerned for the safety of his patients after reading stories about security researchers like Jay Radcliffe who found vulnerabilities in his own insulin pump in 2012. The vulnerabilities would allow a hacker to manipulate the dosage and deliver too much insulin, causing a patient's blood sugar to plummet and lead him to potentially fall into a diabetic coma or die. "Right now there is no [security] standard for any medical device," Klonoff notes. "As health-care professionals, we all want to see our patients have safe equipment and not be at risk."

Klonoff wants to find a way to secure insulin pumps to shut out nefarious hackers while still letting patients hack their own pumps for better performance.

Creating a security standard for insulin pumps, however, comes with a caveat: it has to consider the needs of a special group of do-it-yourself patients and technologists who use an existing vulnerability in current insulin pumps to hack their devices and produce better, personalized results.

The diabetes community has a heightened interest in their medical equipment that exceeds that of other patient communities. Klonoff says his committee wants to embrace that rather than discount it. "We have to keep in mind the tradeoff between wanting security and maintaining usability ... and make it possible that a do-it-yourselfer can still do some things with their device," he says. "If we make the standard too tight ... a lot of patients will complain, 'Now I can't use my device.' There is always going to be this tradeoff."