Seven Diabetes Patients Die Due to Undisclosed Bug in Abbott's Continuous Glucose Monitors
I wrote last month about my diabetes diagnosis this year and my difficult choice to wear a proprietary device (called a CGM ) on my arm 24/7 to continuously monitor my glucose levels. Like my friend and colleague, Karen M. Sandler — who previously made a much higher-stakes choice to receive a proprietary implanted defibrillator to keep her safe given her genetic heart condition — I reluctantly chose to attach proprietary hardware and software to my body.
The device itself is quite proprietary, but fortunately the FOSS community has reverse engineered its activation and data collection protocols — creating an Android application that does a better job than the manufacturers' proprietary ones0.
Here in the USA, we strangely use capitalism as the center of our health care system. Two major for-profit competing brands of CGM are available here. My diabetes specialist prefers the (ironically named) Freestyle Libre Plus from Abbott. I (also rather strangely) bring a prescription for electronics to a pharmacy every month. On 2025-12-03, that phramacy sent me an alarming text message (shown here).
Abbott Killed Seven Patients
After reading that text, I found the USA FDA announcement. My spouse cross-referenced the lot numbers while I read them off from all my Freestyle boxes1. I had indeed recently worn an impacted device!
Only because my diabetes is so early of a stage was I relatively safe. The FDA reports that Freestyle injured over 700 people and killed seven people with this bug. Spcifically, the bug caused the device to falsely report an extremely low glucose level. Advanced stage diabetics use low reading information to inform them that they may have too much insulin currently. The usual remedy is to eat something sugary to raise glucose in the blood. Such should be done only with great care, as a false low reading can harm and even kill the patient (who eats a high-sugar-content item while glucose in the blood is, in fact, not low).
Proprietary software in medical devices harming patients is not new. In 1985, the Therac-25 killed three people. In 2020, hundreds of patients who relied on a financially troubled tech startup found their occular implants suddenly unsupported. Some patients went blind as the devices powered down without updates. There are more examples that I could include here, but rereading this horrific stories is frankly more than I can take right now when I think of fellow diabetes sufferers who were “killed by code” recently..
Would FOSS Have Saved Patients' Lives?
It's hubris for activists to guarantee that harm would be prevented if Freestyle had publicly released the hardware specifications and the complete, corresponding source code ( CCS ). FOSS isn't immune to bugs — even dangerous ones. However, in the centuries since the Enlightenment, we know that the scientific method depends on public disclosure about data and wide-reaching peer review of past work. FOSS (plus a publicly disclosed hardware design) wouid allow the millions of hardware and software engineers to peer-review the integrity, security, and safety of the devices to which patients entrust their lives. We achieve the promise of humanity when we each entrust our safety and health to our entire community — not merely a single for-profit entity.
... continue reading