I'm a T1 diabetic, have worked on open source diabetes-tech (OpenAPS), and have used a number of different CGMs (though not this one specifically). This story... does not make very much sense.
CGMs (of any brand) are not, and have never been, reliable in the way that this story implies that people want them to be reliable. The physical biology of CGMs makes that sort of reliability infeasible. Where T1s are concerned, patient education has always included the need to check with fingerstick readings sometimes, and to be aware of mismatches between sensor readings and how you're feeling. If a brand of CGMs have an issue that sometimes causes false low readings, then fixing it if it's fixable is great, but that sort of thing was very much expected, and it doesn't seem reasonable to blame it for deaths. Moreover, there are two directions in which readings can be inaccurate (false low, false high) with very asymmetric risk profiles, and the report says that the errors were in the less-dangerous direction.
The FDA announcement doesn't say much about what the actual issue was, but given that it was linked to particular production batches, my bet is that it was a chemistry QC fail in one of the reagents used in the sensor wire. That's not something FOSS would be able to solve because it's not a software thing at all.
> CGMs (of any brand) are not, and have never been, reliable in the way that this story implies that people want them to be reliable
This has been my impression. I briefly used an Abbott Lingo to help me understand some health issues I was experiencing.
It's always been clear to me (including in the app and documentation) that CGMs are an extremely convenient tool as a first line - but struggle in extreme circumstances. And, let's be clear, you would generally know if your body is in one of these extreme circumstances. You'd probably be feeling like shit.
That's not to mention the device in question, the Freestyle Libre, is (to my understanding) by far the most popular insulin-dependent diabetes CGM available.
This article is equivalent to calling the Boeing 737 unsafe because it's had the most Full Lost Events while completely ignoring it's flown 238.84M flights (which is basically more than the entire rest of the list combined).
> This has been my impression. I briefly used an Abbott Lingo to help me understand some health issues I was experiencing.
> This article is equivalent to calling the Boeing 737 unsafe because it's had the most Full Lost Events while completely ignoring it's flown 238.84M flights (which is basically more than the entire rest of the list combined).
It sounds like you aren't actually diabetic but feel comfortable explaining how people experience using the equipment they use to manage their disease?
Imagine: "Ugh, Linux sucks and the one time a webpage timed out and it said it was running GNU/Linux, I knew that Linux could never work on my desktop."
> This article is equivalent to calling the Boeing 737 unsafe because it's had the most Full Lost Events while completely ignoring it's flown 238.84M flights (which is basically more than the entire rest of the list combined).
You don’t get many people calling the MAX a good plane.
If you include in the count a new model which arguably should never have been allowed to be called the same plane, then yes, your prior good record looks ok. Over various generations the hull loss rate had come down to 0.18 per million flights while the MAX is at 1.48 per million flights.
Muscle movement will cause different readings in mine. They are great for trend monitoring but not reliable for real values. ... Neither are finger measurements as in lower and higher regions they also differ quite a bit. But as usual, more measurements by more different methods get you a better image.
That is odd. A too-low reading would result in less insulin and a high blood glucose, which can be extremely uncomfortable but is not immediately deadly.
If it had read too high, it could result in an insulin overdose, which can indeed bring coma followed by death in fairly short order.
Theoretically you can get a hyperglycemic coma but for that to happen you need continued and sustained high blood sugar in the way your toilet would smell like a sugar factory for quite a while.
>If a brand of CGMs have an issue that sometimes causes false low readings
Not sometimes. "Over an extended period".
"Abbott Diabetes Care stated that certain FreeStyle Libre 3 and FreeStyle Libre 3 Plus sensors provide incorrect low glucose readings. If undetected, incorrect low glucose readings over an extended period may lead to wrong treatment decisions for people living with diabetes, such as excessive carbohydrate intake or skipping or delaying insulin doses."
Months of high blood glucose level can worsen a patient's condition or if high enough even put them into hyperglycemic coma in weeks(?).
While true, you would have to ignore all other indicators for quite an extensive period of time. Like excessive urination and hypersensitivity being obvious ones. Not impossible but I have the strong sense there is more to this story than reported in the FDA disclosure.
I'm not a diabetic, but even I was skeptical of the title "Seven Diabetes Patients Die Due to Undisclosed Bug"; this draws a very direct 1-to-1 association when in reality, we know that a death would be the result of multiple failures/oversights.
I thought this article would try to sell us on the benefits of formal software verification or something... Though of course, you can't formally verify complex human biology.
Agreed. This story is clearly pushing an agenda to an extreme degree. They spent a lot of time linking to different things and past stories, but the claim of having killed seven people gets almost no coverage in the story. Can we at least get a source to where they’re getting that information?
> Can we at least get a source to where they're getting that information?
Fourth paragraph of the article, first sentence, the hyperlink text says, "the US FDA announcement". The link[1] contains the following under the heading, "Reason For Early Alert":
> Abbott Diabetes Care stated that certain FreeStyle Libre 3 and FreeStyle Libre 3 Plus sensors provide incorrect low glucose readings. If undetected, incorrect low glucose readings over an extended period may lead to wrong treatment decisions for people living with diabetes, such as excessive carbohydrate intake or skipping or delaying insulin doses. These decisions may pose serious health risks, including potential injury or death, or other less serious complications.
> As of November 14, 2025, Abbott has reported 736 serious injuries, and seven deaths associated with this issue.
>Such should be done only with great care, as a false low reading can harm and even kill the patient (who eats a high-sugar-content item while glucose in the blood is, in fact, not low).
I've been a type I diabetic for over 25 years and I don't quite understand this one. Low blood sugar is an immediate life or death situation, but high blood sugar killing people? Just how high was it and for how long?
As someone that has a CGM I still calibrate it by using a blood test every couple of days because the CGM sensors can wander on accuracy.
That seemed odd to me as well (also diabetic). When I'm not being responsible, I can ride out a BG of 300-400 for hours and mostly I'm just lethargic.
That said, my mother in law, who had worse diabetes than me, went without her pump during mine and her daughter's wedding (a bit of vanity about the pump showing through her dress). She was at 600+, and started feeling pretty ill that evening.
High blood sugar should be considered a symptom. High blood sugar can be caused by:
1) Having enough basal or "baseline" insulin but eating too many carbohydrates. This will lead to a high blood sugar reading but no immediate danger (this will cause long term health issues like kidney failure, blindness, etc if you run a high average blood sugar over time.)
2) Not having enough insulin which is incredibly dangerous. This will often present with high blood sugar but not always. Your cells are not getting enough glucose. Your body responds by releasing lots of short term energy stores. The stores that become glucose still can't enter your cells since there is not enough insulin so your blood sugar will often read high. Your body also breaks fat into ketones which use a different mechanism to enter the cells and don't require insulin. Ketones can provide the energy your body needs and keep you alive for the short term, but they are acidic and will kill if the concentration gets too high (diabetic ketoacidosis -- your blood pH changes enough that it interferes with the normal chemical reactions your body requires)
So the real test for dangerous situations when experiencing high blood sugars is to test your urine for ketones.
From the FDA article, it sounds like the CGMs were incorrectly reporting low blood glucose values for extended periods of time. The closed loop pumps respond to a low blood glucose by lowering the basal rate of insulin. This is dangerous if done for too long a time. Also note that insulin response varies wildly by individual.
From the pumps I use, there is a maximum basal rate adjustment allowed before the pump alarms and kicks you out of the "insulin auto-adjust mode". This was with both Medtronic and Tandem pumps.
I haven't used the Abbott CGM or pump. I would expect there would also be limits to how much the pump will lower your basal insulin rates before alarming. I haven't seen any specifics, but I bet the software bug is allowing a lowered basal rate for too long under continued false low glucose readings and patients going into DKA. (IMHO bad sensors should be accounted for in software and user alerted under any suspicious circumstances)
Needless to say, this is a horrible situation and my heart goes out to everyone impacted.
It depends on what the true blood sugar value was: if someone were already at the high end of normal and a 'brittle diabetic', you can end up in 'diabetic ketoacidosis' for T1DM individuals or—less likely—'hyperosmolar hyperglycemic state' generally.
I’m bound to get type 2 some day. So I learned quite a bit about diabetes now. And low sugar is very bad. So a false low sugar tells the patient to eat sweet things. A high sugar causes lots of damage, but I have never heard of it causing death. Usually something gets amputated first. This finding was strange.
Let’s remember this writer is someone who has diabetes and an axe to grind. This is not news. This is a rant.
I depend on a pump and CGM (currently that's a Dexcom G7 and Omnipod, but I've used other brands as well).
I like the technology, but you have to 1) know your own body and 2) verify if you are uncertain about the readings. Every time I've switched devices I've interacted with diabetes educators, and they pretty much always tell me to always be prepared to verify manually (with an old-school finger stick and test strips).
Additionally, it's not always the fault of the technology, but often where meatspace and technology interface. When you insert a CGM, there's always a risk of the cannula not going into the skin correctly. (usually it's a spring-loaded insertion tool that shoots a needle into your skin quickly, but it can mess up if the amount of pressure applied is wrong etc)
In such a case, the sensor that measures your blood will often, where you can't see, sit on top of the skin. This results in insanely low readings. That happens to me a few times a year (I swap out the sensor every 10 days), and you have to listen to how your body feels relative to the readings, and replace the sensor if necessary.
"Globally, Abbott has received reports of 736 severe adverse events (57 in the U.S.) and seven deaths (none in the U.S.) potentially associated with this issue."[1]
Thanks. That’s very different than the headline claim that the issue killed 7 patients. The “associated with” is a broad term in cases like this that means the device may have been used at the time, not that the bug specifically caused the death.
I might have experienced one of these deadly bugs, although I got way too high measurements, not too low.
I bought one of these monitors for fun, because I wanted to see how my blood sugar reacts to different foods. The freestyle libre 3 plus.
After wearing it for some time I woke up one morning to sky high blood sugar, talking 13+mmol/l. My manual measures showed around 4.9mmol/l.
The device was essentially not functioning anymore. I sent the company an email, filled out a report, returned the device and received a new one in the mail.
What the f is ‘early stage’ and ‘advance staged’ diabetic?
My wife is a T1D - you’re either diabetic or not.
Freestyles are not reliable to be used purely for managing immediate levels of glucose - it is more about trends and give an idea of whether it is going up or down.
This appears to be an education issue, for the users and also for the writer.
I understand that low BG is typically much more capable at making itself fatal than high BGs (T1 myself, like half the people in this thread.)
> > Abbott Diabetes Care stated that certain FreeStyle Libre 3 and FreeStyle Libre 3 Plus sensors provide incorrect low glucose readings.
My understanding is the problem is probably the same, or likely related to, the pressure low - where basically if you eg lie down on the side of the sensor, it can produce a false low sugar reading.
Presumably, this could push some (already sick) people towards DKA. DKA can go from "slightly bad" to "crazy bad" in a span of hours. (Don't, or do ask me how I know.)
Add in reluctance of people to go to the hospital in the US, and I can totally see how people might've died because of it.
It's a bit of a Swiss cheese hole/perfect storm - poor BG management, likely not well enough to afford a hospital, possibly already sick - and unfortunately I'd imagine economically struggling people are likely to have a significant overlap of many of these at the same time. Tragic, but realistic, given the sheer scale of how many people use these devices.
Our almost 5 year old has had T1D for two years. We ended up going the way of a controlled lower carb diet for our entire family. Other than the greatly increased cost to eat this way, it has been transformative for diabetes management of our son, the amount of sleep we get, and the lessened risk of aggressive lows.
We've managed to keep our son's A1C in the 6-7% window after we changed our diet to be heavily carb controlled.
That sounds like great family teamwork. I wish my partner would entertain changing their diet to accommodate this (I've asked). I imagine the challenges of life are slightly more tractable when you genuinely deal with serious adversity as a family unit.
I understand it means an extra burden for all; but to me, voluntarily doing something challenging together for a family member's benefit seems preferable to facing each adversity largely independently.
As an aside, while likely much better than uncontrolled, 6-7% A1C still seems on the high end for lifelong. You probably already know this, but exercise immediately after carbohydrate consumption can also help - e.g. family walk after dinner (another thing my partner isn't interested in)
Although it's possible for someone with type 1 to have an A1C below 6%, it's very difficult. I've known a few people like that, and they are all super users. It's also going to depend somewhat on the lab running the A1C test, personal biology (A1c is not only affected by blood glucose levels) etc. 6-6.5% is superb control! Parent should be very proud. 6.5-7% is still very good, I haven't looked at the distribution of A1c's for T1D recently, but that would be much better than median which I think is above 8%.
Especially with kids, it's difficult since you don't control how much they decide to eat making pre-bolusing meals challenging (part of why reducing carbs tends to be helpful for people is it reduces the need to pre-bolus and makes it less risky since you need less up front meal insulin).
I didn't mean to say it's not superb control for someone with T1D, only that there are likely still some negative health consequences at 6-7%, and that exercise after carbohydrates is one mechanism of potentially getting some additional marginal improvement.
Non-diabetic who's interested in bio-feedback here. The GI graph is indeed dramatic[1].
Equally dramatic, in my experience, is the effect of exercise in modulating glucose spikes. It quickly became apparent that if I walked or worked out at the gym within 30mins of a meal, dGlucose/dt and subsequently max glucose would be dramatically reduced. Eventually, I got into the habit of planning exercise post high-GI meals as a way to eliminate spikes.
It was an effective weightloss strategy for me as opposed to strictly a glucose regulation method and a positive experience as a whole as I got to develop an intuitive understanding of a physiological process I had only a theoretical understanding of before.
1. It would have been nice to see a labeled abscissa[2][x-axis].
"... wrongful death lawsuits are typically the only way to hold these companies accountable. Yet, there are very few people who have not agreed Abbott's toxic terms of their proprietary companion application ..."
I (a non-diabetic interested in athletic performance) use an Abbott CGM sporadically and I have absolutely not agreed to any terms of service nor any other agreement of any kind - legal or otherwise.
I bought a purpose-specific, old model iphone from "Back Market" with no SIM card, very briefly allowed it wifi access long enough to download the "Lingo" app, then set the phone to airplane mode. Dedicated, throwaway email and AppleID.
It has never left airplane mode and it works perfectly. Pairing subsequent sensors does not require taking it out of airplane mode.
Further, I have no legal relationship nor have I made any agreement of any kind with Abbott.
I highly recommend that any user of these devices do the same.
In most cases you can’t use the device without agreeing to the terms of service right?
For example a service I use a lot recently changed their terms of service - there was no way to keep using the service without agreeing.
Might be different for devices or services that don’t need internet to function; but even for those you have some “activation” step nowadays that forces you to agree before “unlocking”
Just imagine how different the world would be if this wasn't allowed and any time a ToS was pushed out like this the user had the option to offer a counter ToS and the company must have a human look it over and agree/disagree within a set period of time.
> Who agreed to that ToS ? Abby McAbbott ? With no phone number ? A throwaway email address ?
I don’t think this matters in the way you think it does. If they can demonstrate that you have to click through the ToS to use the device and app, then the burden would be on you to show that you did not accept the ToS to use the device. But therein lies the catch: If you found a way to circumvent their setup process, you wouldn’t be using the device as designed or intended.
"If they can demonstrate that you have to click through the ToS to use the device and app ..."
There's nothing to demonstrate. We will have no interactions.
The op implied (probably correctly) that their ToS is toxic. I am pointing out that there is no reason for you to enter into that ToS.
Are you suggesting that I, an anonymous piggyback user of their service, would blow up my anonymity (and all of the protections and peace of mind that it affords) by attempting to reestablish some form of legal contact ?
No. It's easy come, easy go and that's just fine with me.
> There's nothing to demonstrate. We will have no interactions.
Ok? Then it doesn’t matter if you accept or not.
The ToS doesn’t come into play unless there’s legal action. If you’re never going to enter into legal action with the company then it doesn’t matter if you accept the ToS or not.
> If you found a way to circumvent their setup process, you wouldn’t be using the device as designed or intended.
Liability in civil court is not as simple as you posit. Severability and judge discretion are but 2 ways that immediately can invalidate this line of argument. The cause of actual damages are almost always scrutinized, meaning the company would have to prove that the legal agreement could somehow have prevented the damage. Courtrooms are often mischaracterized as following robotic rules and precedence to ill-effect, as if there aren't people in the courtroom using good judgement. This is largely because those cases are the ones most publicized, not because it's the norm.
That’s orthogonal to the comment I’m responding to. The parent commenter was claiming that because they left a device in airplane mode when they accepted the ToS, it doesn’t count. Like it’s a loophole that allows one to accept it but not have it count.
The actual terms of the ToS will always be evaluated in court. You can’t, however, go into court and argue that the ToS doesn’t apply because you put a fake name into the app and left it in airplane mode.
You also wouldn’t get anywhere if you bought their device but used it with your own reverse engineered app or something, as the app is considered part of the product.
Doesn't really work that way. If you want to sue Abbott, then you have to reveal yourself. At which point, it will be clear that you were in fact using the product and did in fact agree to the ToS. If you never sue Abbott, then sure. But then it doesn't matter.
Part of the benefit of CGMs is you can automatically load your readings to your doctor. I have a T1 child, so when I call with a problem I can get quick answers.
Related, Abbott previously had problems with their FreeStyle Lite test strips. There were lawsuits, fines and most insurance dropped them from their covered diabetic suppliers.
> I bought a purpose-specific, old model iphone from "Back Market" with no SIM card, very briefly allowed it wifi access long enough to download the "Lingo" app, then set the phone to airplane mode. Dedicated, throwaway email and AppleID.
None of this actually matters if you went through the steps to use the app. The app is designed such that you agree to the terms before you can use it.
You can use all the throwaway emails, devices, VPNs, and other tricks in the world, but unless you can reliably demonstrate to a court that you were utilizing the app in a way that didn’t involve accepting any terms of service then they could simply demonstrate that it’s part of their app flow.
Even using tricks to utilize the device outside of the app wouldn’t help, because they could simply demonstrate that you weren’t using it as designed or intended.
I think my initial comment has been misunderstood.
I can't speak to, nor do I have any interest in, legally pursuing this random vendor.
The op implied, correctly I assume, that the Abbott terms are "toxic".
I am simply restating, as I very commonly do, that this vendor is not a government agency. They are not the IRS. They are not law enforcement. They are an adversarial party until proven otherwise and you owe them nothing.
This is such a bizarre gotcha in a world of rapidly decreasing technical and civil rights. I'm still waiting for someone here to pop out of the gallery during one of these trials going "well, akshually...", and turning everything around. Doesn't seem to be moving the needle, as it were.
> I highly recommend that any user of these devices do the same.
No thank you. I have to wear these devices 24/7 to keep me alive, and it was a huge quality of life improvement when I was able to control them all from my phone. I see literally no benefit to doing what you suggest.
HN School of Law: you can win big legal cases that don't exist on nerd technicalities that don't work in courtrooms that aren't real. Also you can pass their version of the Bar for $99 and your e-mail address.
Tidepool is a non-profit focused on diabetes. Among other things, they are working on an algorithm (loop) that does insulin dosing: https://www.tidepool.org/tidepool-loop
If one wants to separate the hardware (insulin pump, CGM) from the algorithm that controls them, seems like Tidepool is one org to talk to.
Can anyone find the link to the document that claims 7 patients died as a result of these false low glucose readings? It’s strange that this article would go to great lengths to include footnotes and sources for various things except for the core of their claim.
FWIW CVS did send out a letter via USPS (I use their mail order service) about the recall and the risk. I'm not sure what the "undisclosed bug" refers to.
On one hand, this is a very, very bad bug. On the other, the article is almost a hit job to try to prove FOSS would have solved this issue. There are also a lot of completely factually incorrect statements and wild assumptions.
If my understanding is correct, the device in question, the Freestyle Libre 3, is the most popular continuous glucose monitor (CGM) in production. And, one of only a few approved CGMs available. By the very nature of being an extremely popular device that helps manage a chronic, high effort disease (diabetes management is a massive, massive mental drain) - you're going to have failures.
Not to mention, I've always been under the impression that CGMs have some faults and IF the device reports do not match your expectations, you should confirm with an alternative method (like a finger prick) or seek emergency medical attention (which should have been sought in these extreme circumstances, anyways).
-----
Here's the thing for me. FOSS essentially assumes that the user is going to be willing to understand the underlying details to know when FOSS fucks up. Yes, when FOSS fucks up. That's simply not realistic for any consumer product. If your argument for FOSS relies on users being able to read raw data and interpret things that are only learned by education, that's not a consumer grade solution.
Anecdotally, I used Abbott's Lingo CGM a few months ago to help get me more data on a health issue I was having. I would never, ever, in my wildest dreams have trusted FOSS to get this right. There's simply too much money/effort/rigor involved in getting these biomedical devices correct to believe that the FOSS community could simply create a better product without actually doing any trials or studies. Not to mention, the recommended app (Juggluco) has a terrible UI. This just isn't going anywhere.
To be clear, this is a deadly bug and Abbott should be held accountable - but claiming the solution is some untested, untrialed, terrible UX is not the answer.
In the context of FOSS adherents in general, the belief is that a rising tide lifts all boats: that the work of one dedicated open source hobbyist auditing CGM code for flaws would benefit all CGM users one way or another, if I apply that general principle here as a specific example. However, the characteristic of shoddy UX is loosely correlated with how much the developer(s) choose to (and can afford to) spend developing their work, not with whether the work is open or closed source. The exact balance shifts over time based on cultural-economic shifts in both developer capability (“what’s a folder? does left-click mean I have to use my left hand?”) and in free time energy (“I did so many hours at work to afford rent/food next week that I have no energy left to care about PRs”).
In any case, I agree that the post falls quite flat at being effective advocacy here; to me, not because it clamors for “terrible UX”, but because it fails to make a case that the author’s desired FOSS outcome holds any value at all for those who don’t know or care about source code. It’s certainly a horror story but I’m quite inured to horror as a sales tactic, and that’s where it drops the ball.
1. Insulin helps get sugar into cells. Glucagon gets stored sugar out of the liver into the blood. Diabetes management in 2025 only deals with supplying external insulin.
2. There are several variants of diabetes. Type 1 is an autoimmune disorder where the body attacks the cells that make insulin.
3. Too much insulin equals all the sugar getting sucked out of your blood and lymph and into cells. This is really bad in an acute way. Your brain cannot run without sugar. Accidentally give yourself too much insulin for the sugars and wind up dead or in a coma in short order.
4. Highs are also bad, but generally in a less acute way. There are exceptions, but being too high with blood glucose for a period of time doesn't have the acute risks of being too low. Diabetics (or their caregivers) carry around quick absorbing sugar sources to help against a low.
5. The peak action (fastest reduction in blood glucose level) of the common insulin, in the way we dose it, peaks 90 - 120 minutes after the dose. The long tail is about 5 total hours of action from the point of dosing. So you should give insulin in advance of when you expect digestion to move glucose into your bloodstream. This is tricky. Also, as insulin ages, the peak of the action happens later. If a new vial is 90 minutes, a nearly empty vial might be 120 minutes after dosing for peak action.
6. CGMs, the on-body instrument in question here, are both flakey and amazing. There's a novel of good and bad here. I'm glad they exist, they can be cantankerous. They are a tiny potentiostat, if that is something you happen to be familiar with.
7. Very high blood sugar is treated with extra insulin to overcome the osmotic pressure of having too much glucose in the bloodstream. There's also a lot of chemistry here (glycocalyx to get you started). If your blood sugar is high you generally need more insulin to get past the hysteresis effects. Once the blood sugar starts to come down, that extra insulin is still around, and can cause a dramatic low. CGMs let you observe this, and "catch the low" by eating sugar to replenish the baseline sugar trapped in circulation.
8. Diabetes management is a challenge every day, multiple times a day. Especially with a small child who doesn't communicate to you about what they believe about their blood sugar. This is my personal circumstance.
9. Endocrinologists have suggested some wild stuff to my wife and I. For instance, keep a tube of cake icing around, as you can administer it rectally to a child who is passed out (or worse) from a deep low blood glucose. This is how poor the standard of care can be.
Father of 4.5 YO son with Type 1 diabetes, and materials engineer by education.
As a parent of a healthy child I was getting anxiety just from reading what you are going through with this. My dad and sister are diabetics but I can’t imagine dealing with a child…
> The FDA reports that Freestyle injured over 700 people and killed seven people with this bug. Specifically, the bug caused the device to falsely report an extremely low glucose level. Advanced stage diabetics use low reading information to inform them that they may have too much insulin currently. The usual remedy is to eat something sugary to raise glucose in the blood. Such should be done only with great care, as a false low reading can harm and even kill the patient (who eats a high-sugar-content item while glucose in the blood is, in fact, not low)
I bet almost everyone with a device with that bug was injured more or less, because high blood sugar is a silent damager of many organs resulting in cumulative damage without overt short term symptoms of injury. For example, slow damage to eyesight, kidneys and nerves in the feet.
So my wife has a CGM and is stuck with a fancy pump that is supposed to "automatically" coordinate with her sensor to deliver or reduce insulin when it detects her numbers are too high/low.
I've always been suspicious of the yahoos writing the software that controls these kinds of devices being a security guy and all.
But I also would love to participate in, contribute to or help in any way with reverse engineering, open sourcing, or in some other way making it so that my wife's life isn't dependent upon the quality of software developed by the lowest bidder they could outsource it to.
If anyone knows how I could help please let me know who to reach out to.
Android APS, and xDrip. Getting watches to allow BLE connection for CGMs is a great RE opportunity. It is really hard to have stable Bluetooth connections.
I worked at Medtronic in the early 2000's (early Paradigm pumps) and we were evaluating wireless protocols and security... at the time we determined it was impossible to secure, once the FDA approved another device maker that did have connectivity there was a scramble to catch up. (This was the PalmOS/PocketPC era.)
It was fun work but I always remembered how insanely detailed the code was, 8bit low power microcontrollers (some 16bit) but really really really tight C code.
Then the demand for remote control happened and that really crapped the bed.
https://www.medtronic.com/en-us/e/product-security/security-...
The amazing developer Scott Hanselman built on a PalmOS app to store readings and if I recall correctly wore 2 pumps with fast/slow insulin... he had a cybernetic pancreas in the mid-2000's.
There is no such thing as "diabetes", people should start distinguishing between type 1 diabetes and type 2 diabetes - they are different diseases. Type 1 diabetes is an autoimmune disease with no cure, not caused by food, lifestyle or weight, and is an absolute living hell; while type 2 diabetes is caused by excessive weight and can sometimes be put into remission or even fully cured through weight loss.
Learn about type 1 diabetes to understand why this distinction matters.
Type 1 diabetes is not caused by food or weight. It results from an autoimmune reaction that completely destroys insulin-producing beta cells. No one understands what causes type 1 diabetes, but generally it's believed to be caused by viruses and infections. Sometimes you can read about a "genetic factor", but the overall majority of people with type 1 diabetes have no family history of this disease.
The incidence of type 1 diabetes has been increasing in many countries, and researchers do not yet understand why. It most often appears in children and young adults and currently has no cure.
Once again: type 1 diabetes appears to be random and has no cure. It's not caused by food or weight in the slightest. And your life (or the life of your child, and yours too) suddenly becomes an absolute living hell. Think about it for a second.
For some unknown reason public awareness of type 1 diabetes is hugely limited compared with other incurable diseases. For example, in the UK more people live with type 1 diabetes than with HIV, yet until someone is directly affected, they usually know nothing about this disease. It hits them like a train.
FOSS can be written the same as any other software, and there's plenty of FOSS that fails to meet modern best practices.
But a software building code might have saved lives. The same way building codes save lives around the world every day, by ensuring safety-critical things in the world aren't slapped together haphazardly, and are tested for safety.
Ask your representatives in government to assemble a professional body to set software building codes for the software that could potentially kill you.
I'm a T1 diabetic, have worked on open source diabetes-tech (OpenAPS), and have used a number of different CGMs (though not this one specifically). This story... does not make very much sense.
CGMs (of any brand) are not, and have never been, reliable in the way that this story implies that people want them to be reliable. The physical biology of CGMs makes that sort of reliability infeasible. Where T1s are concerned, patient education has always included the need to check with fingerstick readings sometimes, and to be aware of mismatches between sensor readings and how you're feeling. If a brand of CGMs have an issue that sometimes causes false low readings, then fixing it if it's fixable is great, but that sort of thing was very much expected, and it doesn't seem reasonable to blame it for deaths. Moreover, there are two directions in which readings can be inaccurate (false low, false high) with very asymmetric risk profiles, and the report says that the errors were in the less-dangerous direction.
The FDA announcement doesn't say much about what the actual issue was, but given that it was linked to particular production batches, my bet is that it was a chemistry QC fail in one of the reagents used in the sensor wire. That's not something FOSS would be able to solve because it's not a software thing at all.
> CGMs (of any brand) are not, and have never been, reliable in the way that this story implies that people want them to be reliable
This has been my impression. I briefly used an Abbott Lingo to help me understand some health issues I was experiencing.
It's always been clear to me (including in the app and documentation) that CGMs are an extremely convenient tool as a first line - but struggle in extreme circumstances. And, let's be clear, you would generally know if your body is in one of these extreme circumstances. You'd probably be feeling like shit.
That's not to mention the device in question, the Freestyle Libre, is (to my understanding) by far the most popular insulin-dependent diabetes CGM available.
This article is equivalent to calling the Boeing 737 unsafe because it's had the most Full Lost Events while completely ignoring it's flown 238.84M flights (which is basically more than the entire rest of the list combined).
I am with you, 7 people dying is nothing really, how dare they report this, right??! just how many didn’t die??
maybe when we reach like 10k deaths it’d be OK to report it?
> This has been my impression. I briefly used an Abbott Lingo to help me understand some health issues I was experiencing.
> This article is equivalent to calling the Boeing 737 unsafe because it's had the most Full Lost Events while completely ignoring it's flown 238.84M flights (which is basically more than the entire rest of the list combined).
It sounds like you aren't actually diabetic but feel comfortable explaining how people experience using the equipment they use to manage their disease?
It sounds like I don't quite get your point?
I think you do.
Imagine: "Ugh, Linux sucks and the one time a webpage timed out and it said it was running GNU/Linux, I knew that Linux could never work on my desktop."
The problem with analogies is that they don’t always fit
Wouldn't be HN without knowing everything about something without having ever used it or engaged in it!
> This article is equivalent to calling the Boeing 737 unsafe because it's had the most Full Lost Events while completely ignoring it's flown 238.84M flights (which is basically more than the entire rest of the list combined).
You don’t get many people calling the MAX a good plane.
If you include in the count a new model which arguably should never have been allowed to be called the same plane, then yes, your prior good record looks ok. Over various generations the hull loss rate had come down to 0.18 per million flights while the MAX is at 1.48 per million flights.
How does this relate to the CGM analogy?
Muscle movement will cause different readings in mine. They are great for trend monitoring but not reliable for real values. ... Neither are finger measurements, as in lower and higher regions they also differ quite a bit. But as usual, more measurements by more different methods get you a better image.
That is odd. A too-low reading would result in less insulin and a high blood glucose, which can be extremely uncomfortable but is not immediately deadly.
If it had read too high, it could result in an insulin overdose, which can indeed bring coma followed by death in fairly short order.
Theoretically you can get a hyperglycemic coma but for that to happen you need continued and sustained high blood sugar in the way your toilet would smell like a sugar factory for quite a while.
>If a brand of CGMs have an issue that sometimes causes false low readings
Not sometimes. "Over an extended period".
"Abbott Diabetes Care stated that certain FreeStyle Libre 3 and FreeStyle Libre 3 Plus sensors provide incorrect low glucose readings. If undetected, incorrect low glucose readings over an extended period may lead to wrong treatment decisions for people living with diabetes, such as excessive carbohydrate intake or skipping or delaying insulin doses."
Months of high blood glucose level can worsen patient's condition or if high enough even put them into hyperglycemic coma in weeks(?).
[0] https://www.fda.gov/medical-devices/medical-device-recalls-a...
While true, you would have to ignore all other indicators for quite an extensive period of time. Like excessive urination and hypersensitivity being obvious ones. Not impossible but I have the strong sense there is more to this story than reported in the FDA disclosure.
It's not that surprising, a lot of people (especially doctors) will dismiss symptoms if "objective" tests show normal levels
I'm not a diabetic, but even I was skeptical of the title "Seven Diabetes Patients Die Due to Undisclosed Bug"; this draws a very direct 1-to-1 association when in reality, we know that a death would be the result of multiple failures/oversights.
I thought this article would try to sell us on the benefits of formal software verification or something... Though of course, you can't formally verify complex human biology.
As a T1D parent, agreed, this is a nonsense article and shows the author has no real experience.
> This story... does not make very much sense
Agreed. This story is clearly pushing an agenda to an extreme degree. They spent a lot of time linking to different things and past stories, but the claim of having killed seven people gets almost no coverage in the story. Can we at least get a source to where they’re getting that information?
> Can we at least get a source to where they're getting that information?
Fourth paragraph of the article, first sentence, the hyperlink text says, "the US FDA announcement". The link[1] contains the following under the heading, "Reason For Early Alert":
> Abbott Diabetes Care stated that certain FreeStyle Libre 3 and FreeStyle Libre 3 Plus sensors provide incorrect low glucose readings. If undetected, incorrect low glucose readings over an extended period may lead to wrong treatment decisions for people living with diabetes, such as excessive carbohydrate intake or skipping or delaying insulin doses. These decisions may pose serious health risks, including potential injury or death, or other less serious complications.
> As of November 14, 2025, Abbott has reported 736 serious injuries, and seven deaths associated with this issue.
[1] https://www.fda.gov/medical-devices/medical-device-recalls-a...
Associated with and “caused by” or even “contributing factor” are very, very different bars.
Most deaths are associated with dietary factors. !== eating causes death.
>Such should be done only with great care, as a false low reading can harm and even kill the patient (who eats a high-sugar-content item while glucose in the blood is, in fact, not low).
I've been a type I diabetic for over 25 years and I don't quite understand this one. Low blood sugar is an immediate life or death situation, but high blood sugar killing people? Just how high was it and for how long?
As someone that has a CGM I still calibrate it by using a blood test every couple of days because the CGM sensors can wander on accuracy.
That seemed odd to me as well (also diabetic). When I'm not being responsible, I can ride out a BG of 300-400 for hours and mostly I'm just lethargic.
That said, my mother in law, who had worse diabetes than me, went without her pump during mine and her daughter's wedding (a bit of vanity about the pump showing through her dress). She was at 600+, and started feeling pretty ill that evening.
High blood sugar should be considered a symptom. High blood sugar can be caused by:
1) Having enough basal or "baseline" insulin but eating too many carbohydrates. This will lead to a high blood sugar reading but no immediate danger (this will cause long term health issues like kidney failure, blindness, etc if you run a high average blood sugar over time.)
2) Not having enough insulin which is incredibly dangerous. This will often present with high blood sugar but not always. Your cells are not getting enough glucose. Your body responds by releasing lots of short term energy stores. The stores that become glucose still can't enter your cells since there is not enough insulin so your blood sugar will often read high. Your body also breaks fat into ketones which use a different mechanism to enter the cells and don't require insulin. Ketones can provide the energy your body needs and keep you alive for the short term, but they are acidic and will kill if the concentration gets too high (diabetic ketoacidosis -- your blood pH changes enough that it interferes with the normal chemical reactions your body requires)
So the real test for dangerous situations when experiencing high blood sugars is to test your urine for ketones.
From the FDA article, it sounds like the CGMs were incorrectly reporting low blood glucose values for extended periods of time. The closed loop pumps respond to a low blood glucose by lowering the basal rate of insulin. This is dangerous if done for too long a time. Also note that insulin response varies wildly by individual.
From the pumps I use, there is a maximum basal rate adjustment allowed before the pump alarms and kicks you out of the "insulin auto-adjust mode". This was with both Medtronic and Tandem pumps.
I haven't used the Abbott CGM or pump. I would expect there would also be limits to how much the pump will lower your basal insulin rates before alarming. I haven't seen any specifics, but I bet the software bug is allowing a lowered basal rate for too long under continued false low glucose readings and patients going into DKA. (IMHO bad sensors should be accounted for in software and the user alerted under any suspicious circumstances)
Needless to say, this is a horrible situation and my heart goes out to everyone impacted.
It depends on what the true blood sugar value was: if someone were already at the high end of normal and a 'brittle diabetic', you can end up in 'diabetic ketoacidosis' for T1DM individuals or—less likely—'hyperosmolar hyperglycemic state' generally.
See https://www.mayoclinic.org/diseases-conditions/hyperglycemia... for a discussion of both (in Emergency conditions)
The actual issue with the sensors was that they'd report highs as lows, and lows as highs.
Actually it's pretty straightforward. This article was written by a witless clown.
I’m bound to get type 2 some day. So I learned quite a bit about diabetes now. And low sugar is very bad. So a false low sugar tells the patient to eat sweet things. A high sugar causes lots of damage, but I have never heard of it causing death. Usually something gets amputated first. This finding was strange.
Let’s remember this writer is someone who has diabetes and an axe to grind. This is not news. This is a rant.
DKA.
Your comment was Dunning Kruger. Did you stay at a Holiday Inn Express last night?
Oddly the notification brief in Germany specifies false-high glucose readings, which would explain the urgency of the problem much better.
For high glucose you inject insulin, but if you don't really have high glucose you end up with dangerously low levels leading to coma or death.
https://www.bfarm.de/SharedDocs/Kundeninfos/DE/10/2025/42777...
Always fingerprick test if the monitor throws a number you don’t feel.
Any diabetic person must have heard and read this recommendation a thousand times.
The actual scenario to worry about is if the number is too high and a closed loop system makes it so the pump injects too much insulin.
I depend on a pump and CGM (currently that's a Dexcom G7 and Omnipod, but I've used other brands as well).
I like the technology, but you have to 1) know your own body and 2) verify if you are uncertain about the readings. Every time I've switched devices I've interacted with diabetes educators, and they pretty much always tell me to always be prepared to verify manually (with an old-school finger stick and test strips).
Additionally, it's not always the fault of the technology, but often where meatspace and technology interface. When you insert a CGM, there's always a risk of the cannula not going into the skin correctly. (Usually it's a spring-loaded insertion tool that shoots a needle into your skin quickly, but it can mess up if the amount of pressure applied is wrong etc.) In such a case, the sensor that measures your blood will often, where you can't see, sit on top of the skin. This results in insanely low readings. That happens to me a few times a year (I swap out the sensor every 10 days), and you have to listen to how your body feels relative to the readings, and replace the sensor if necessary.
"Globally, Abbott has received reports of 736 severe adverse events (57 in the U.S.) and seven deaths (none in the U.S.) potentially associated with this issue."[1]
[1] https://abbott.mediaroom.com/press-releases?item=124718
Thanks. That’s very different than the headline claim that the issue killed 7 patients. The “associated with” is a broad term in cases like this that means the device may have been used at the time, not that the bug specifically caused the death.
I might have experienced one of these deadly bugs, although I got way too high measurements, not too low.
I bought one of these monitors for fun, because I wanted to see how my blood sugar reacts to different foods. The freestyle libre 3 plus.
After wearing it for some time I woke up one morning to sky high blood sugar, talking 13+mmol/l. My manual measures showed around 4.9mmol/l.
The device was essentially not functioning anymore. I sent the company an email, filled out a report, returned the device and received a new one in the mail.
What the f is ‘early stage’ and ‘advance staged’ diabetic?
My wife is a T1D - you’re either diabetic or not.
Freestyles are not reliable to be used purely for managing immediate levels of glucose - it is more about trends and give an idea of whether it is going up or down.
This appears to be an education issue, for the users and also for the writer.
I understand that low BG is typically much more capable at making itself fatal than high BGs (T1 myself, like half the people in this thread.)
> > Abbott Diabetes Care stated that certain FreeStyle Libre 3 and FreeStyle Libre 3 Plus sensors provide incorrect low glucose readings.
My understanding is the problem is probably the same, or likely related to, the pressure low - where basically if you eg lie down on the side of the sensor, it can produce a false low sugar reading.
Presumably, this could push some (already sick) people towards DKA. DKA can go from "slightly bad" to "crazy bad" in a span of hours. (Don't, or do ask me how I know.)
Add in reluctance of people to go to the hospital in the US, and I can totally see how people might've died because of it.
It's a bit of a Swiss cheese hole/perfect storm - poor BG management, likely not well enough to afford a hospital, possibly already sick - and unfortunately I'd imagine economically struggling people are likely to have a significant overlap of many of these at the same time. Tragic, but realistic, given the sheer scale of how many people use these devices.
I found this video interesting on understanding what type 1 diabetic management looks like:
https://www.youtube.com/watch?v=uHaYPEDGaro
Beth McNally & Amy Rush - 'TCR in Practice: Navigating Insulin for Protein & Fat in Type 1 Diabetes'
At the end of the video there are some strategies described with automatic pumps.
And the graph at t=174 is kind of eye opening:
https://youtu.be/uHaYPEDGaro?t=174
Our almost 5 year old has had T1D for two years. We ended up going the way of a controlled lower carb diet for our entire family. Other than the greatly increased cost to eat this way, it has been transformative for diabetes management of our son, the amount of sleep we get, and the lessened risk of aggressive lows.
We've managed to keep our son's A1C in the 6-7% window after we changed our diet to be heavily carb controlled.
Great work!
A researcher with T1D and present online:
https://andrewkoutnik.com/ https://x.com/AKoutnik/
Interview:
https://www.youtube.com/watch?v=CG8UU7P8FBU Can Keto Transform Type 1 Diabetes Treatment? A Decade of Insights from Dr. Andrew Koutnik
That sounds like great family teamwork. I wish my partner would entertain changing their diet to accommodate this (I've asked). I imagine the challenges of life are slightly more tractable when you genuinely deal with serious adversity as a family unit.
I understand it means an extra burden for all; but to me, voluntarily doing something challenging together for a family member's benefit seems preferable to facing each adversity largely independently.
As an aside, while likely much better than uncontrolled, 6-7% A1C still seems on the high end for lifelong. You probably already know this, but exercise immediately after carbohydrate consumption can also help - e.g. family walk after dinner (another thing my partner isn't interested in)
Although it's possible for someone with type 1 to have an A1C below 6%, it's very difficult. I've known a few people like that, and they are all super users. It's also going to depend somewhat on the lab running the A1C test, personal biology (A1c is not only affected by blood glucose levels) etc. 6-6.5% is superb control! Parent should be very proud. 6.5-7% is still very good, I haven't looked at the distribution of A1c's for T1D recently, but that would be much better than median which I think is above 8%.
Especially with kids, it's difficult since you don't control how much they decide to eat making pre-bolusing meals challenging (part of why reducing carbs tends to be helpful for people is it reduces the need to pre-bolus and makes it less risky since you need less up front meal insulin).
I didn't mean to say it's not superb control for someone with T1D, only that there are likely still some negative health consequences at 6-7%, and that exercise after carbohydrates is one mechanism of potentially getting some additional marginal improvement.
Non-diabetic who's interested in bio-feedback here. The GI graph is indeed dramatic[1].
Equally dramatic, in my experience, is the effect of exercise in modulating glucose spikes. It quickly became apparent that if I walked or worked out at the gym within 30mins of a meal, dGlucose/dt and subsequently max glucose would be dramatically reduced. Eventually, I got into the habit of planning exercise post high-GI meals as a way to eliminate spikes.
It was an effective weightloss strategy for me as opposed to strictly a glucose regulation method and a positive experience as a whole as I got to develop an intuitive understanding of a physiological process I had only a theoretical understanding of before.
1. It would have been nice to see a labeled abscissa[2][x-axis].
2. https://en.wikipedia.org/wiki/Abscissa_and_ordinate
+1 I do the same (and when I don't, I can feel the difference, which is generally very unpleasant).
Strong claim in headline ("die due to") that is not substantiated by the FDA report.
"... wrongful death lawsuits are typically the only way to hold these companies accountable. Yet, there are very few people who have not agreed Abbott's toxic terms of their proprietary companion application ..."
I (a non-diabetic interested in athletic performance) use an Abbott CGM sporadically and I have absolutely not agreed to any terms of service nor any other agreement of any kind - legal or otherwise.
I bought a purpose-specific, old model iphone from "Back Market" with no SIM card, very briefly allowed it wifi access long enough to download the "Lingo" app, then set the phone to airplane mode. Dedicated, throwaway email and AppleID.
It has never left airplane mode and it works perfectly. Pairing subsequent sensors does not require taking it out of airplane mode.
Further, I have no legal relationship nor have I made any agreement of any kind with Abbott.
I highly recommend that any user of these devices do the same.
In most cases you can’t use the device without agreeing to the terms of service right?
For example a service I use a lot recently changed their terms of service - there was no way to keep using the service without agreeing.
Might be different for devices or services that don’t need internet to function; but even for those you have some “activation” step nowadays that forces you to agree before “unlocking”
Just imagine how different the world would be if this wasn't allowed and any time a ToS was pushed out like this the user had the option to offer a counter ToS and the company must have a human look it over and agree/disagree within a set period of time.
You know, Kind of like a real contract.
> the option to offer a counter ToS and the company must have a human look it over and agree/disagree within a set period of time.
You technically do have this option. You can send your own terms to a company’s legal team.
The answer will always be no. A law enforcing them to respond in a certain period of time won’t change that. Always no.
It is never cost effective to have lawyers review individual contracts for relatively cheap devices.
"In most cases you can’t use the device without agreeing to the terms of service right?"
Yeah ?
Who agreed to that ToS ? Abby McAbbott ? With no phone number ? A throwaway email address ?
As I said: I have not entered into any agreements of any kind with Abbott. You should not either.
> Who agreed to that ToS ? Abby McAbbott ? With no phone number ? A throwaway email address ?
I don’t think this matters in the way you think it does. If they can demonstrate that you have to click through the ToS to use the device and app, then the burden would be on you to show that you did not accept the ToS to use the device. But therein lies the catch: If you found a way to circumvent their setup process, you wouldn’t be using the device as designed or intended.
"If they can demonstrate that you have to click through the ToS to use the device and app ..."
There's nothing to demonstrate. We will have no interactions.
The op implied (probably correctly) that their ToS is toxic. I am pointing out that there is no reason for you to enter into that ToS.
Are you suggesting that I, an anonymous piggyback user of their service, would blow up my anonymity (and all of the protections and peace of mind that it affords) by attempting to reestablish some form of legal contact ?
No. It's easy come, easy go and that's just fine with me.
> There's nothing to demonstrate. We will have no interactions.
Ok? Then it doesn’t matter if you accept or not.
The ToS doesn’t come into play unless there’s legal action. If you’re never going to enter into legal action with the company then it doesn’t matter if you accept the ToS or not.
I think we agree with one another.
I'm simply trying to reiterate - as often as possible: you do not need to tie your personal identity to products and services like this.
Merry Christmas!
> If you found a way to circumvent their setup process, you wouldn’t be using the device as designed or intended.
Liability in civil court is not as simple as you posit. Severability and judge discretion are but 2 ways that immediately can invalidate this line of argument. The cause of actual damages is almost always scrutinized, meaning the company would have to prove that the legal agreement could somehow have prevented the damage. Courtrooms are often mischaracterized as following robotic rules and precedence to ill-effect, as if there aren't people in the courtroom using good judgement. This is largely because those cases are the ones most publicized, not because it's the norm.
That’s orthogonal to the comment I’m responding to. The parent commenter was claiming that because they left a device in airplane mode when they accepted the ToS, it doesn’t count. Like it’s a loophole that allows one to accept it but not have it count.
The actual terms of the ToS will always be evaluated in court. You can’t, however, go into court and argue that the ToS doesn’t apply because you put a fake name into the app and left it in airplane mode.
You also wouldn’t get anywhere if you bought their device but used it with your own reverse engineered app or something, as the app is considered part of the product.
Fair enough. I apologize for my misunderstanding.
Doesn't really work that way. If you want to sue Abbott, then you have to reveal yourself. At which point, it will be clear that you were in fact using the product and did in fact agree to the ToS. If you never sue Abbott, then sure. But then it doesn't matter.
Part of the benefit of CGMs is you can automatically load your readings to your doctor. I have a T1 child, so when I call with a problem I can get quick answers.
Related, Abbott previously had problems with their freestyle lite test strips. There were lawsuits, fines and most insurance dropped them from their covered diabetic suppliers.
> I bought a purpose-specific, old model iphone from "Back Market" with no SIM card, very briefly allowed it wifi access long enough to download the "Lingo" app, then set the phone to airplane mode. Dedicated, throwaway email and AppleID.
None of this actually matters if you went through the steps to use the app. The app is designed such that you agree to the terms before you can use it.
You can use all the throwaway emails, devices, VPNs, and other tricks in the world, but unless you can reliably demonstrate to a court that you were utilizing the app in a way that didn’t involve accepting any terms of service then they could simply demonstrate that it’s part of their app flow.
Even using tricks to utilize the device outside of the app wouldn’t help, because they could simply demonstrate that you weren’t using it as designed or intended.
I think my initial comment has been misunderstood.
I can't speak to, nor do I have any interest in, legally pursuing this random vendor.
The op implied, correctly I assume, that the Abbott terms are "toxic".
I am simply restating, as I very commonly do, that this vendor is not a government agency. They are not the IRS. They are not law enforcement. They are an adversarial party until proven otherwise and you owe them nothing.
If you ticked the agree-to-TOS box (even if anonymously and offline) then you still "agreed" to the TOS. At least in a legal sense.
I think you might be conflating some things.
This is such a bizarre gotcha in a world of rapidly decreasing technical and civil rights. I'm still waiting for someone here to pop out of the gallery during one of these trials going "well, akshually...", and turning everything around. Doesn't seem to be moving the needle, as it were.
> I highly recommend that any user of these devices do the same.
No thank you. I have to wear these devices 24/7 to keep me alive, and it was a huge quality of life improvement when I was able to control them all from my phone. I see literally no benefit to doing what you suggest.
HN School of Law: you can win big legal cases that don't exist on nerd technicalities that don't work in courtrooms that aren't real. Also you can pass their version of the Bar for $99 and your e-mail address.
Tidepool is a non-profit focused on diabetes. Among other things, they are working on an algorithm (loop) that does insulin dosing: https://www.tidepool.org/tidepool-loop
If one wants to separate the hardware (insulin pump, CGM) from the algorithm that controls them, seems like Tidepool is one org to talk to.
Can anyone find the link to the document that claims 7 patients died as a result of these false low glucose readings? It’s strange that this article would go to great lengths to include footnotes and sources for various things except for the core of their claim.
It appears to be in the fourth paragraph.
https://www.fda.gov/medical-devices/medical-device-recalls-a...
> As of November 14, 2025, Abbott has reported 736 serious injuries, and seven deaths associated with this issue.
FWIW CVS did send out a letter via USPS (I use their mail order service) about the recall and the risk. I'm not sure what the "undisclosed bug" refers to.
I don't know how to feel about this article.
On one hand, this is a very, very bad bug. On the other, the article is almost a hit job to try to prove FOSS would have solved this issue. There are also a lot of completely factually incorrect statements and wild assumptions.
If my understanding is correct, the device in question, the Freestyle Libre 3, is the most popular continuous glucose monitor (CGM) in production. And, one of only a few approved CGMs available. By the very nature of being an extremely popular device that helps manage a chronic, high effort disease (diabetes management is a massive, massive mental drain) - you're going to have failures.
Not to mention, I've always been under the impression that CGMs have some faults and IF the device reports do not match your expectations, you should confirm with an alternative method (like a finger prick) or seek emergency medical attention (which should have been sought in these extreme circumstances, anyways).
-----
Here's the thing for me. FOSS essentially assumes that the user is going to be willing to understand the underlying details to know when FOSS fucks up. Yes, when FOSS fucks up. That's simply not realistic for any consumer product. If your argument for FOSS relies on users being able to read raw data and interpret things that are only learned by education, that's not a consumer grade solution.
Anecdotally, I used Abbott's Lingo CGM a few months ago to help get me more data on a health issue I was having. I would never, ever, in my wildest dreams have trusted FOSS to get this right. There's simply too much money/effort/rigor involved in getting these biomedical devices correct to believe that the FOSS community could simply create a better product without actually doing any trials or studies. Not to mention, the recommended app (Juggluco) has a terrible UI. This just isn't going anywhere.
To be clear, this is a deadly bug and Abbott should be held accountable - but claiming the solution is some untested, untrialed, terrible UX is not the answer.
In the context of FOSS adherents in general, the belief is that a rising tide lifts all boats: that the work of one dedicated open source hobbyist auditing CGM code for flaws would benefit all CGM users one way or another, if I apply that general principle here as a specific example. However, the characteristic of shoddy UX is loosely correlated with how much the developer(s) choose to (and can afford to) spend developing their work, not with whether the work is open or closed source. The exact balance shifts over time based on cultural-economic shifts in both developer capability (“what’s a folder? does left-click mean I have to use my left hand?”) and in free time energy (“I did so many hours at work to afford rent/food next week that I have no energy left to care about PRs”).
In any case, I agree that the post falls quite flat at being effective advocacy here; to me, not because it clamors for “terrible UX”, but because it fails to make a case that the author’s desired FOSS outcome holds any value at all for those who don’t know or care about source code. It’s certainly a horror story but I’m quite inured to horror as a sales tactic, and that’s where it drops the ball.
> this is a very, very bad bug
Maybe, maybe not. We know nothing about the bug. It's impossible to judge this based only on the outcomes.
For all we know it could be something very innocuous, like a simple translation mistake.
Diabetes for the unfamiliar, in plain language:
1. Insulin helps get sugar into cells. Glucagon gets stored sugar out of the liver into the blood. Diabetes management in 2025 only deals with supplying external insulin.
2. There are several variants of diabetes. Type 1 is an autoimmune disorder where the body attacks the cells that make insulin.
3. Too much insulin equals all the sugar getting sucked out of your blood and lymph and into cells. This is really bad in an acute way. Your brain cannot run without sugar. Accidentally give yourself too much insulin for the sugars and wind up dead or in a coma in short order.
4. Highs are also bad, but generally in a less acute way. There are exceptions, but being too high with blood glucose for a period of time doesn't have the acute risks of being too low. Diabetics (or their caregivers) carry around quick absorbing sugar sources to help against a low.
5. The peak action (fastest reduction in blood glucose level) of the common insulin, in the way we dose it, peaks 90 - 120 minutes after the dose. The long tail is about 5 total hours of action from the point of dosing. So you should give insulin in advance of when you expect digestion to move glucose into your bloodstream. This is tricky. Also, as insulin ages, the peak of the action happens later. If a new vial is 90 minutes, a nearly empty vial might be 120 minutes after dosing for peak action.
6. CGMs, the on-body instrument in question here, are both flakey and amazing. There's a novel of good and bad here. I'm glad they exist, they can be cantankerous. They are a tiny potentiostat, if that is something you happen to be familiar with.
7. Very high blood sugar is treated with extra insulin to overcome the osmotic pressure of having too much glucose in the bloodstream. There's also a lot of chemistry here (glycocalyx to get you started). If your blood sugar is high you generally need more insulin to get past the hysteresis effects. Once the blood sugar starts to come down, that extra insulin is still around, and can cause a dramatic low. CGMs let you observe this, and "catch the low" by eating sugar to replenish the baseline sugar trapped in circulation.
8. Diabetes management is a challenge every day, multiple times a day. Especially with a small child who doesn't communicate to you about what they believe about their blood sugar. This is my personal circumstance.
9. Endocrinologists have suggested some wild stuff to my wife and I. For instance, keep a tube of cake icing around, as you can administer it rectally to a child who is passed out (or worse) from a deep low blood glucose. This is how poor the standard of care can be.
Father of 4.5 YO son with Type 1 diabetes, and materials engineer by education.
As a parent of a healthy child I was getting anxiety just from reading what you are going through with this. My dad and sister are diabetics but I can’t imagine dealing with a child…
> The FDA reports that Freestyle injured over 700 people and killed seven people with this bug. Specifically, the bug caused the device to falsely report an extremely low glucose level. Advanced stage diabetics use low reading information to inform them that they may have too much insulin currently. The usual remedy is to eat something sugary to raise glucose in the blood. Such should be done only with great care, as a false low reading can harm and even kill the patient (who eats a high-sugar-content item while glucose in the blood is, in fact, not low)
I bet almost everyone with a device with that bug was injured more or less, because high blood sugar is a silent damager of many organs resulting in cumulative damage without overt short term symptoms of injury. For example, slow damage to eyesight, kidneys and nerves in the feet.
So my wife has a CGM and is stuck with a fancy pump that is supposed to "automatically" coordinate with her sensor to deliver or reduce insulin when it detects her numbers are too high/low.
I've always been suspicious of the yahoos writing the software that controls these kinds of devices being a security guy and all.
But I also would love to participate in, contribute to or help in any way with reverse engineering, open sourcing, or in some other way making it so that my wife's life isn't dependent upon the quality of software developed by the lowest bidder they could outsource it to.
If anyone knows how I could help please let me know who to reach out to.
There is an open source project using older pumps and somewhat older CGMs (Dexcom G6 and prior)
https://openaps.org/
I'm using Openaps with Omnipods. Nice not having to deal with proprietary apps.
Currently using Libre as sensor, luckily without their shit app. Dexcom was easier to set up.
Android APS, and xDrip. Getting watches to allow ble connection for CGMs is a great RE opportunity. It is really hard to have stable bluetooth connections.
I worked at Medtronic in the early 2000's (early paradigm pumps) and we were evaluating wireless protocols and security... at the time we determined it was impossible to secure, once the FDA approved another device maker that did have connectivity there was a scramble to catch up. (this was palmos/pocketpc era). It was fun work but I always remembered how insanely detailed the code was, 8bit low power microcontrollers (some 16bit) but really really really tight C code. Then the demand for remote control happened and that really crapped the bed. https://www.medtronic.com/en-us/e/product-security/security-...
The amazing developer Scott Hanselman built on a PalmOS app to store readings and if I recall correctly wore 2 pumps with fast/slow insulin... he had a cybernetic pancreas in the mid-2000's.
There is no such thing as "diabetes", people should start distinguishing between type 1 diabetes and type 2 diabetes - they are different diseases. Type 1 diabetes is an autoimmune disease with no cure, not caused by food, lifestyle or weight, and is an absolute living hell; while type 2 diabetes is caused by excessive weight and can sometimes be put into remission or even fully cured through weight loss.
Learn about type 1 diabetes to understand why this distinction matters.
Type 1 diabetes is not caused by food or weight. It results from an autoimmune reaction that completely destroys insulin-producing beta cells. No one understands what causes type 1 diabetes, but generally it's believed to be caused by viruses and infections. Sometimes you can read about "genetic factor", but overall the majority of people with type 1 diabetes have no family history of this disease.
The incidence of type 1 diabetes has been increasing in many countries, and researchers do not yet understand why. It most often appears in children and young adults and currently has no cure.
Once again: type 1 diabetes appears to be random and has no cure. It's not caused by food or weight in the slightest. And your life (or life of your child and yours too) suddenly becomes an absolute living hell. Think about it for a second.
For some unknown reason public awareness of type 1 diabetes is hugely limited compared with other incurable diseases. For example, in the UK more people live with type 1 diabetes than with HIV, yet until someone is directly affected, they usually know nothing about this disease. It hits them like a train.
> Would FOSS Have Saved Patients' Lives?
FOSS can be written the same as any other software, and there's plenty of FOSS that fails to meet modern best practices.
But a software building code might have saved lives. The same way building codes save lives around the world every day, by ensuring safety-critical things in the world aren't slapped together haphazardly, and are tested for safety.
Ask your representatives in government to assemble a professional body to set software building codes for the software that could potentially kill you.